[openssl] openssl-3.0 update

2021-10-05 Thread Viktor Dukhovni
The branch openssl-3.0 has been updated
   via  7b4fccc8a53b6befc9dc1aa4204a87cf5050747c (commit)
   via  adc0910993d8eb2581442823c1f1bf2196aaecfa (commit)
  from  aaf7185a85ead411208d0decb17e4f444dddff13 (commit)


- Log -
commit 7b4fccc8a53b6befc9dc1aa4204a87cf5050747c
Author: Viktor Dukhovni 
Date:   Mon Aug 30 15:09:43 2021 -0400

Test for DANE cross cert fix

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 

commit adc0910993d8eb2581442823c1f1bf2196aaecfa
Author: Viktor Dukhovni 
Date:   Mon Aug 30 14:17:16 2021 -0400

Prioritise DANE TLSA issuer certs over peer certs

When building the certificate chain, prioritise any Cert(0) Full(0)
certificates from TLSA records over certificates received from the peer.

This is important when the server sends a cross cert, but TLSA records include
the underlying root CA cert.  We want to construct a chain with the issuer from
the TLSA record, which can then match the TLSA records (while the associated
cross cert may not).

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 

---

Summary of changes:
 crypto/x509/x509_vfy.c |  20 +---
 test/certs/cross-key.pem   |  28 ++
 test/certs/cross-root.pem  |  18 +++
 test/certs/root-cross-cert.pem |  18 +++
 test/certs/setup.sh|   3 ++
 test/dane-cross.in | 113 +
 test/danetest.c|   2 +-
 test/recipes/80-test_dane.t|   6 ++-
 8 files changed, 198 insertions(+), 10 deletions(-)
 create mode 100644 test/certs/cross-key.pem
 create mode 100644 test/certs/cross-root.pem
 create mode 100644 test/certs/root-cross-cert.pem
 create mode 100644 test/dane-cross.in

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 18c6172c98..0e5b18f67e 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3023,22 +3023,26 @@ static int build_chain(X509_STORE_CTX *ctx)
 may_trusted = 1;
 }
 
-/*
- * Shallow-copy the stack of untrusted certificates (with TLS, this is
- * typically the content of the peer's certificate message) so can make
- * multiple passes over it, while free to remove elements as we go.
- */
-if ((sk_untrusted = sk_X509_dup(ctx->untrusted)) == NULL)
+/* Initialize empty untrusted stack. */
+if ((sk_untrusted = sk_X509_new_null()) == NULL)
 goto memerr;
 
 /*
- * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add
- * them to our working copy of the untrusted certificate stack.
+ * If we got any "Cert(0) Full(0)" trust anchors from DNS, *prepend* them
+ * to our working copy of the untrusted certificate stack.
  */
 if (DANETLS_ENABLED(dane) && dane->certs != NULL
 && !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT))
 goto memerr;
 
+/*
+ * Shallow-copy the stack of untrusted certificates (with TLS, this is
+ * typically the content of the peer's certificate message) so we can make
+ * multiple passes over it, while free to remove elements as we go.
+ */
+if (!X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT))
+goto memerr;
+
 /*
  * Still absurdly large, but arithmetically safe, a lower hard upper bound
  * might be reasonable.
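Review bot: the new comment above the first X509_add_certs() call says *prepend*, but nothing in that call prepends; the ordering comes only from adding dane->certs into the freshly created empty sk_untrusted before the second call appends ctx->untrusted. Say that explicitly in the comment (e.g. "added first so they are found before any peer-supplied cert with the same subject and key"), because swapping the two blocks in a later cleanup would silently reintroduce the cross-cert problem with no test other than the new dane-cross.in catching it. Second, X509_ADD_FLAG_DEFAULT takes no reference (consistent with the old sk_X509_dup() shallow copy and the existing sk_X509_free(sk_untrusted)) but also does not de-duplicate, so a root the peer sends as well ends up twice in the working stack; harmless since issuer lookup stops at the first match, but X509_ADD_FLAG_NO_DUP on the second call would keep the stack minimal. Finally, this comment still calls the Cert(0) Full(0) certificates "trust anchors" while the 1.1.1 version of the same change rewords it to "issuer certificates"; the latter is more accurate, since nothing from DNS is trusted until the built chain is matched against the TLSA record set.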
diff --git a/test/certs/cross-key.pem b/test/certs/cross-key.pem
new file mode 100644
index 00..93cd467ac7
--- /dev/null
+++ b/test/certs/cross-key.pem
@@ -0,0 +1,28 @@
+-BEGIN PRIVATE KEY-

[openssl] OpenSSL_1_1_1-stable update

2021-09-02 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  09126044f0120b0039b13365b30465d4b6d0f8f0 (commit)
   via  5d9be38211fdb8b6a1d4c9257715e8c28832a317 (commit)
  from  9e72d1a3145a0585b96fa9b4e9ab31ce35a43aba (commit)


- Log -
commit 09126044f0120b0039b13365b30465d4b6d0f8f0
Author: Viktor Dukhovni 
Date:   Mon Aug 30 15:09:43 2021 -0400

Test for DANE cross cert fix

Reviewed-by: Tomáš Mráz 

commit 5d9be38211fdb8b6a1d4c9257715e8c28832a317
Author: Viktor Dukhovni 
Date:   Mon Aug 30 14:17:16 2021 -0400

Prioritise DANE TLSA issuer certs over peer certs

When building the certificate chain, prioritise any Cert(0) Full(0)
certificates from TLSA records over certificates received from the peer.

This is important when the server sends a cross cert, but TLSA records include
the underlying root CA cert.  We want to construct a chain with the issuer from
the TLSA record, which can then match the TLSA records (while the associated
cross cert may not).

Reviewed-by: Tomáš Mráz 

---

Summary of changes:
 crypto/x509/x509_vfy.c |  62 --
 test/certs/cross-key.pem   |  28 ++
 test/certs/cross-root.pem  |  18 +++
 test/certs/root-cross-cert.pem |  18 +++
 test/certs/setup.sh|   2 +
 test/dane-cross.in | 113 +
 test/danetest.c|   2 +-
 test/recipes/80-test_dane.t|   6 ++-
 8 files changed, 221 insertions(+), 28 deletions(-)
 create mode 100644 test/certs/cross-key.pem
 create mode 100644 test/certs/cross-root.pem
 create mode 100644 test/certs/root-cross-cert.pem
 create mode 100644 test/dane-cross.in

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 20a36e763c..e404fcc602 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2924,6 +2924,26 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX 
*ctx, X509 *cert)
 return ok;
 }
 
+static int augment_stack(STACK_OF(X509) *src, STACK_OF(X509) **dstPtr)
+{
+if (src) {
+STACK_OF(X509) *dst;
+int i;
+
+if (*dstPtr == NULL)
+return ((*dstPtr = sk_X509_dup(src)) != NULL);
+
+for (dst = *dstPtr, i = 0; i < sk_X509_num(src); ++i) {
+if (!sk_X509_push(dst, sk_X509_value(src, i))) {
+sk_X509_free(dst);
+*dstPtr = NULL;
+return 0;
+}
+}
+}
+return 1;
+}
+
 static int build_chain(X509_STORE_CTX *ctx)
 {
 SSL_DANE *dane = ctx->dane;
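Review bot: augment_stack() destroys the caller's stack on a push failure (sk_X509_free(dst); *dstPtr = NULL), which the error paths in build_chain() rely on, but the two branches are asymmetric in a way that deserves a comment: in the sk_X509_dup() branch a failure leaves *dstPtr NULL without ever having owned anything, while in the push branch it frees a stack the caller created and may already have populated with dane->certs. Both branches are shallow copies (no X509_up_ref()), so the result must only ever be released with sk_X509_free() and never sk_X509_pop_free(); state that above the function. Style: `dstPtr` is camelCase, unlike the rest of x509_vfy.c; `dst_ptr` or `pdst` would match.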
@@ -2967,18 +2987,7 @@ static int build_chain(X509_STORE_CTX *ctx)
 }
 
 /*
- * Shallow-copy the stack of untrusted certificates (with TLS, this is
- * typically the content of the peer's certificate message) so can make
- * multiple passes over it, while free to remove elements as we go.
- */
-if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
-X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
-ctx->error = X509_V_ERR_OUT_OF_MEM;
-return 0;
-}
-
-/*
- * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add
+ * If we got any "Cert(0) Full(0)" issuer certificates from DNS, *prepend*
  * them to our working copy of the untrusted certificate stack.  Since the
  * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
  * no corresponding stack of untrusted certificates, we may need to create
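Review bot: the removed `ctx->untrusted &&` guard in front of sk_X509_dup() now lives inside augment_stack() as `if (src)`, so when both dane->certs and ctx->untrusted are NULL, sktmp stays NULL for the rest of build_chain(). The bracketed remark about X509_STORE_CTX_init() callers providing only a leaf certificate is exactly the case where this happens, so confirm every later use of sktmp (the passes over the untrusted stack and the final free) still tolerates NULL the way the pre-patch code did; otherwise create the empty stack up front as the 3.0 version of this change does.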
@@ -2987,20 +2996,21 @@ static int build_chain(X509_STORE_CTX *ctx)
  * containing at least the leaf certificate, but we must be prepared for
  * this to change. ]
  */
-if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
-if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) {
-X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
-ctx->error = X509_V_ERR_OUT_OF_MEM;
-return 0;
-}
-for (i = 0; i < sk_X509_num(dane->certs); ++i) {
-if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) {
-sk_X509_free(sktmp);
-X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
-ctx->error = X509_V_ERR_OUT_OF_MEM;
-return 0;
-}
-}
+if (DANETLS_ENABLED(dane) && !augment_stack(dane->certs, )) {
+X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+ctx->error = X509_V_ERR_OUT_OF_MEM;
+return 0;
+}
+
+/*
+ * Shallow-copy the stack of untrusted certificates (with TLS, this is
+ * typically the content of the peer's certificate message) so can make
+ * multiple passes over it, while free to remove elements as we go.
+ */
+if (!a
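Review bot: `augment_stack(dane->certs, )` has no second argument as shown; the function takes `STACK_OF(X509) **dstPtr`, so this must be `&sktmp` (the ampersand may have been lost in rendering, but check the patch as applied, since a missing argument would not compile). The three-line error block (X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE), ctx->error = X509_V_ERR_OUT_OF_MEM, return 0) is repeated verbatim after each augment_stack() call, which is the same duplication the pre-patch code had; a single `memerr` label, as build_chain() in 3.0 uses, would remove it. The carried-over comment "so can make multiple passes" is missing "we"; the 3.0 hunk fixed that wording, so fix it here too.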

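The two commits above describe why the order of the working untrusted stack matters: the issuer search stops at the first certificate whose subject and key fit, so when the peer's cross cert and the TLSA-supplied root are both candidates, whichever comes first ends up in the chain, and only the root will match a DANE-TA(2) Cert(0) Full(0) record. The following is an added illustration in Python, not OpenSSL code and not its test data: certificates are modelled as records (subject, issuer, a key id standing in for the SPKI, and a byte string standing in for the DER encoding), signature checking is reduced to a key-id comparison, and the names and byte strings are constructed for the example. It also shows, beyond what the commit message states, that an SPKI(1) selector would have matched the cross cert anyway, which is why the fix is specifically about the Cert(0) case.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X509: just enough to model issuer lookup and TLSA matching."""
    name: str        # short label used in results
    subject: str
    issuer: str
    key_id: str      # stands in for the SubjectPublicKeyInfo
    signed_by: str   # key id that produced the signature (stands in for verification)
    der: bytes       # stands in for the DER encoding compared by Cert(0) Full(0)

    def is_self_signed(self) -> bool:
        return self.subject == self.issuer and self.signed_by == self.key_id


# Constructed sample data (hypothetical names, not OpenSSL's test certificates).
ROOT = Cert("root", "CN=Example Root CA", "CN=Example Root CA",
            "K_root", "K_root", b"DER:root, self-signed")
# Cross cert: same subject and key as ROOT, but issued by an unrelated CA.
CROSS = Cert("cross", "CN=Example Root CA", "CN=Other CA",
             "K_root", "K_other", b"DER:root, cross-signed by Other CA")
LEAF = Cert("leaf", "CN=www.example.com", "CN=Example Root CA",
            "K_leaf", "K_root", b"DER:leaf")


def find_issuer(cert: Cert, pool: List[Cert]) -> Optional[Cert]:
    """First candidate whose subject and key fit: a first-match issuer search."""
    for cand in pool:
        if cand.subject == cert.issuer and cand.key_id == cert.signed_by:
            return cand
    return None


def build_chain(leaf: Cert, untrusted: List[Cert]) -> List[Cert]:
    """Extend from the leaf until self-signed or stuck, consuming pool entries as used."""
    chain = [leaf]
    pool = list(untrusted)
    while not chain[-1].is_self_signed():
        issuer = find_issuer(chain[-1], pool)
        if issuer is None:
            break
        pool.remove(issuer)
        chain.append(issuer)
    return chain


def dane_ta_match(chain: List[Cert], tlsa: Cert, selector: int) -> Optional[Cert]:
    """DANE-TA(2): some issuer in the chain must match the TLSA data.

    selector 0 = Cert (whole encoding must be equal), 1 = SPKI (key only).
    """
    for cert in chain[1:]:
        if selector == 0 and cert.der == tlsa.der:
            return cert
        if selector == 1 and cert.key_id == tlsa.key_id:
            return cert
    return None


def verify(peer_chain: List[Cert], tlsa_certs: List[Cert],
           tlsa_first: bool, selector: int = 0) -> Tuple[List[str], Optional[str]]:
    """Build the chain from the peer's leaf; return (chain labels, matched TA label or None)."""
    leaf, *extra = peer_chain
    # Working untrusted stack: TLSA-supplied certs either before or after the peer's extras.
    untrusted = (tlsa_certs + extra) if tlsa_first else (extra + tlsa_certs)
    chain = build_chain(leaf, untrusted)
    ta = dane_ta_match(chain, tlsa_certs[0], selector)
    return [c.name for c in chain], (ta.name if ta else None)


if __name__ == "__main__":
    for tlsa_first in (False, True):
        print("TLSA certs first:", tlsa_first, "->", verify([LEAF, CROSS], [ROOT], tlsa_first))
```

With the peer's cross cert first the chain ends in `cross`, whose encoding differs from the TLSA record, and the DANE-TA match fails; with the TLSA root first the chain ends in `root` and matches. The model stops at the first acceptable issuer and never backtracks, which is the behaviour the ordering fix compensates for.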
[openssl] master update

2021-09-02 Thread Viktor Dukhovni
The branch master has been updated
   via  305c77aa8211beefe9c4081a8ffea4280c9765fc (commit)
   via  661de442e4231a9b0411dc8562f9e465d1d7fabc (commit)
  from  505d44c623c2a883cf015f26a499842cea0161f0 (commit)


- Log -
commit 305c77aa8211beefe9c4081a8ffea4280c9765fc
Author: Viktor Dukhovni 
Date:   Mon Aug 30 15:09:43 2021 -0400

Test for DANE cross cert fix

Reviewed-by: Tomáš Mráz 

commit 661de442e4231a9b0411dc8562f9e465d1d7fabc
Author: Viktor Dukhovni 
Date:   Mon Aug 30 14:17:16 2021 -0400

Prioritise DANE TLSA issuer certs over peer certs

When building the certificate chain, prioritise any Cert(0) Full(0)
certificates from TLSA records over certificates received from the peer.

This is important when the server sends a cross cert, but TLSA records include
the underlying root CA cert.  We want to construct a chain with the issuer from
the TLSA record, which can then match the TLSA records (while the associated
cross cert may not).

Reviewed-by: Tomáš Mráz 

---

Summary of changes:
 crypto/x509/x509_vfy.c |  20 +---
 test/certs/cross-key.pem   |  28 ++
 test/certs/cross-root.pem  |  18 +++
 test/certs/root-cross-cert.pem |  18 +++
 test/certs/setup.sh|   3 ++
 test/dane-cross.in | 113 +
 test/danetest.c|   2 +-
 test/recipes/80-test_dane.t|   6 ++-
 8 files changed, 198 insertions(+), 10 deletions(-)
 create mode 100644 test/certs/cross-key.pem
 create mode 100644 test/certs/cross-root.pem
 create mode 100644 test/certs/root-cross-cert.pem
 create mode 100644 test/dane-cross.in

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 18c6172c98..0e5b18f67e 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3023,22 +3023,26 @@ static int build_chain(X509_STORE_CTX *ctx)
 may_trusted = 1;
 }
 
-/*
- * Shallow-copy the stack of untrusted certificates (with TLS, this is
- * typically the content of the peer's certificate message) so can make
- * multiple passes over it, while free to remove elements as we go.
- */
-if ((sk_untrusted = sk_X509_dup(ctx->untrusted)) == NULL)
+/* Initialize empty untrusted stack. */
+if ((sk_untrusted = sk_X509_new_null()) == NULL)
 goto memerr;
 
 /*
- * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add
- * them to our working copy of the untrusted certificate stack.
+ * If we got any "Cert(0) Full(0)" trust anchors from DNS, *prepend* them
+ * to our working copy of the untrusted certificate stack.
  */
 if (DANETLS_ENABLED(dane) && dane->certs != NULL
 && !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT))
 goto memerr;
 
+/*
+ * Shallow-copy the stack of untrusted certificates (with TLS, this is
+ * typically the content of the peer's certificate message) so we can make
+ * multiple passes over it, while free to remove elements as we go.
+ */
+if (!X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT))
+goto memerr;
+
 /*
  * Still absurdly large, but arithmetically safe, a lower hard upper bound
  * might be reasonable.
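Review bot: this is an observable behaviour change, not just an internal reordering, and the summary of changes shows no CHANGES.md entry. When a TLSA Cert(0) Full(0) certificate and a peer-supplied certificate share subject and key, the TLSA one is now what ends up in the verified chain, so applications that inspect the chain after a DANE handshake will see the DNS-supplied root where they previously saw the peer's cross cert. That is the intended effect, but it belongs in CHANGES.md with a one-line note that the order of ctx->untrusted is otherwise preserved.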
diff --git a/test/certs/cross-key.pem b/test/certs/cross-key.pem
new file mode 100644
index 00..93cd467ac7
--- /dev/null
+++ b/test/certs/cross-key.pem
@@ -0,0 +1,28 @@
+-BEGIN PRIVATE KEY-

[openssl] OpenSSL_1_1_1-stable update

2020-07-22 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  c6c9f886ae118fffb0591ea0b5c3e4770b176552 (commit)
  from  335266fa793c105e5e38cbaf098542cc372cdc2e (commit)


- Log -
commit c6c9f886ae118fffb0591ea0b5c3e4770b176552
Author: Viktor Dukhovni 
Date:   Thu Jul 16 23:30:43 2020 -0200

Avoid errors with a priori inapplicable protocol bounds

The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts,
and conversely, silently ignore DTLS protocol version bounds when
configuring TLS-based contexts.  The commands can be repeated to set
bounds of both types.  The same applies with the corresponding
"min_protocol" and "max_protocol" command-line switches, in case some
application uses both TLS and DTLS.

SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds.  Previously
attempts to apply bounds to these protocol versions would result in an
error.  Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files in command-line options.

Expected to resolve #12394

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 

GH: #12507

---

Summary of changes:
 CHANGES   | 15 +++
 doc/man3/SSL_CONF_cmd.pod | 29 -
 doc/man5/config.pod   | 15 +--
 ssl/ssl_conf.c|  7 +++
 ssl/statem/statem_lib.c   | 34 +++---
 5 files changed, 70 insertions(+), 30 deletions(-)

diff --git a/CHANGES b/CHANGES
index ae0d232526..ee5403dffc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,21 @@
 
  Changes between 1.1.1g and 1.1.1h [xx XXX ]
 
+  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
+ ignore TLS protocol version bounds when configuring DTLS-based contexts, 
and
+ conversely, silently ignore DTLS protocol version bounds when configuring
+ TLS-based contexts.  The commands can be repeated to set bounds of both
+ types.  The same applies with the corresponding "min_protocol" and
+ "max_protocol" command-line switches, in case some application uses both 
TLS
+ and DTLS.
+  
+ SSL_CTX instances that are created for a fixed protocol version (e.g.
+ TLSv1_server_method()) also silently ignore version bounds.  Previously
+ attempts to apply bounds to these protocol versions would result in an
+ error.  Now only the "version-flexible" SSL_CTX instances are subject to
+ limits in configuration files in command-line options.
+ [Viktor Dukhovni]
+
   *) Handshake now fails if Extended Master Secret extension is dropped
  on renegotiation.
  [Tomas Mraz]
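Review bot: "silently ignore" is the right behaviour for a bound that cannot apply, but the entry should spell out the consequence for operators: a MinProtocol naming a TLS version has no effect whatsoever on a DTLS context, so a configuration that only sets a TLS floor leaves DTLS unbounded and nothing warns about it. One sentence recommending that mixed TLS/DTLS deployments set both bounds would cover that. Also "limits in configuration files in command-line options" should read "in configuration files and command-line options", and the separator line after the first paragraph carries trailing whitespace.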
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 7f2449e379..c5fed8e1e0 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -147,13 +147,16 @@ B.
 =item B<-min_protocol>, B<-max_protocol>
 
 Sets the minimum and maximum supported protocol.
-Currently supported protocol values are B, B,
-B, B, B for TLS and B, B for DTLS,
-and B for no limit.
-If either bound is not specified then only the other bound applies,
-if specified.
-To restrict the supported protocol versions use these commands rather
-than the deprecated alternative commands below.
+Currently supported protocol values are B, B, B,
+B, B for TLS; B, B for DTLS, and B
+for no limit.
+If either the lower or upper bound is not specified then only the other bound
+applies, if specified.
+If your application supports both TLS and DTLS you can specify any of these
+options twice, once with a bound for TLS and again with an appropriate bound
+for DTLS.
+To restrict the supported protocol versions use these commands rather than the
+deprecated alternative commands below.
 
 =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
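Review bot: the text now says each option may be given twice, once per transport, but not what happens when it is given twice for the same transport (does the later value win, as with other SSL_CONF commands?), nor that a bound is dropped without error on a fixed-version context such as one created with TLSv1_server_method(), which the commit message describes. Both belong in this section, since it is where users will look when a bound appears not to take effect.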
@@ -370,7 +373,11 @@ This sets the minimum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B, B, B,
 B, B, B and B.
-The value B will disable the limit.
+The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
+apply only to DTLS-based contexts.
+The command can be repeated with one instance setting a TLS bound, and the
+other setting a DTLS bound.
+The value B applies to both types of contexts and disables the limits.
 
 =item B
 
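Review bot: "applies to both types of contexts and disables the limits" is ambiguous after two sentences about one bound per command: does MinProtocol None also clear a previously set DTLS minimum in the same configuration, or only the TLS one? Since the new text says the command can be repeated with one TLS and one DTLS bound, state explicitly that None clears the minimum (or maximum) for both TLS and DTLS contexts regardless of which was set first.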
@@ -378,7 +385,11 @@ This sets the maximum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B, B, B,
 B, B, B and B.
-The value B will disable the limit.
+The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds

[openssl] master update

2020-07-21 Thread Viktor Dukhovni
The branch master has been updated
   via  77174598920a05826a28d8a0bd87a3af43d3f4d8 (commit)
  from  5ac582d949c4f0dbf919c99d59496035a1f7e982 (commit)


- Log -
commit 77174598920a05826a28d8a0bd87a3af43d3f4d8
Author: Viktor Dukhovni 
Date:   Thu Jul 16 23:30:43 2020 -0200

Avoid errors with a priori inapplicable protocol bounds

The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts,
and conversely, silently ignore DTLS protocol version bounds when
configuring TLS-based contexts.  The commands can be repeated to set
bounds of both types.  The same applies with the corresponding
"min_protocol" and "max_protocol" command-line switches, in case some
application uses both TLS and DTLS.

SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds.  Previously
attempts to apply bounds to these protocol versions would result in an
error.  Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files in command-line options.

Expected to resolve #12394

Reviewed-by: Paul Dale 
GH: #12472

---

Summary of changes:
 CHANGES.md| 16 
 doc/man3/SSL_CONF_cmd.pod | 29 +
 doc/man5/config.pod   |  7 ++-
 ssl/ssl_conf.c|  7 +++
 ssl/statem/statem_lib.c   | 34 +++---
 5 files changed, 69 insertions(+), 24 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 5ff188c18c..14694739ae 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,22 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
+   ignore TLS protocol version bounds when configuring DTLS-based contexts, and
+   conversely, silently ignore DTLS protocol version bounds when configuring
+   TLS-based contexts.  The commands can be repeated to set bounds of both
+   types.  The same applies with the corresponding "min_protocol" and
+   "max_protocol" command-line switches, in case some application uses both TLS
+   and DTLS.
+
+   SSL_CTX instances that are created for a fixed protocol version (e.g.
+   TLSv1_server_method()) also silently ignore version bounds.  Previously
+   attempts to apply bounds to these protocol versions would result in an
+   error.  Now only the "version-flexible" SSL_CTX instances are subject to
+   limits in configuration files in command-line options.
+
+   *Viktor Dukhovni*
+
  * Deprecated the `ENGINE` API.  Engines should be replaced with providers
going forward.
 
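Review bot: the CHANGES.md entry repeats the commit message verbatim, including "limits in configuration files in command-line options", which should read "in configuration files and command-line options". It should also cite the issue the commit message says it is expected to resolve (#12394), so readers of the changelog can find the report that motivated the silent-ignore behaviour.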
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 753d6778df..97ebff047f 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -178,12 +178,17 @@ See L for more information.
 
 =item B<-min_protocol> I, B<-max_protocol> I
 
-Sets the minimum and maximum supported protocol.  Currently supported
-protocol values are B, B, B, B, B
-for TLS and B, B for DTLS, and B for no limit.
-If either bound is not specified then only the other bound applies,
-if specified.  To restrict the supported protocol versions use these
-commands rather than the deprecated alternative commands below.
+Sets the minimum and maximum supported protocol.
+Currently supported protocol values are B, B, B,
+B, B for TLS; B, B for DTLS, and B
+for no limit.
+If either the lower or upper bound is not specified then only the other bound
+applies, if specified.
+If your application supports both TLS and DTLS you can specify any of these
+options twice, once with a bound for TLS and again with an appropriate bound
+for DTLS.
+To restrict the supported protocol versions use these commands rather than the
+deprecated alternative commands below.
 
 =item B<-record_padding> I
 
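Review bot: "you can specify any of these options twice" reads more clearly with a concrete pair, e.g. `-min_protocol TLSv1.2 -min_protocol DTLSv1.2`, and a statement of what happens when the same option is repeated with two bounds for the same transport. The fixed-version-method case from the commit message (bounds silently ignored for contexts created with TLSv1_server_method() and friends) is also absent from this section and is the more surprising of the two behaviours.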
@@ -389,7 +394,11 @@ This sets the minimum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B, B, B,
 B, B, B and B.
-The value B will disable the limit.
+The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
+apply only to DTLS-based contexts.
+The command can be repeated with one instance setting a TLS bound, and the
+other setting a DTLS bound.
+The value B applies to both types of contexts and disables the limits.
 
 =item B
 
@@ -397,7 +406,11 @@ This sets the maximum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B, B, B,
 B, B, B and B.
-The value B will disable the limit.
+The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
+apply only to DTLS-based contexts.
+The command can be repea

[openssl] master update

2019-10-25 Thread Viktor Dukhovni
The branch master has been updated
   via  7c43eb5dcf5cb098b9e2c2c58b000353af51efa2 (commit)
  from  1b0d1bf7f177f1a0c979af8e4abbd6ed45d464d7 (commit)


- Log -
commit 7c43eb5dcf5cb098b9e2c2c58b000353af51efa2
Author: Dmitry Belyavskiy 
Date:   Sun Oct 6 22:25:10 2019 +0300

Strip BOM on loading PEM files

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 crypto/pem/pem_lib.c  | 19 ---
 test/recipes/04-test_pem.t|  1 +
 .../{cert-blankline.pem => cert-bom.pem}  |  3 +--
 3 files changed, 18 insertions(+), 5 deletions(-)
 copy test/recipes/04-test_pem_data/{cert-blankline.pem => cert-bom.pem} (98%)

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index eb07c884e7..020a030334 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -680,9 +680,20 @@ int PEM_read(FILE *fp, char **name, char **header, 
unsigned char **data,
 #endif
 
 /* Some helpers for PEM_read_bio_ex(). */
-static int sanitize_line(char *linebuf, int len, unsigned int flags)
+static int sanitize_line(char *linebuf, int len, unsigned int flags, int 
first_call)
 {
 int i;
+if (first_call) {
+/* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+if (len > 3 && memcmp(linebuf, utf8_bom, 3) == 0) {
+memmove(linebuf, linebuf + 3, len - 3);
+linebuf[len - 3] = 0;
+len -= 3;
+}
+}
 
 if (flags & PEM_FLAG_EAY_COMPATIBLE) {
 /* Strip trailing whitespace */
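Review bot: `len > 3` means a first line consisting of exactly the three BOM bytes (no newline, len == 3) is left alone; that is probably harmless because nothing useful follows, but `>=` with the resulting empty line handled by the existing "allow leading empty lines" loop would be the more obvious condition, so either change it or comment why not. The UTF-8 BOM is stripped unconditionally, whereas the rest of sanitize_line() gates leniency on PEM_FLAG_EAY_COMPATIBLE; decide whether strict callers should keep rejecting BOM-prefixed input and say so. Style: the comment block starts its text on the `/*` line instead of the house `/*` followed by ` * text`.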
@@ -727,6 +738,7 @@ static int get_name(BIO *bp, char **name, unsigned int 
flags)
 char *linebuf;
 int ret = 0;
 int len;
+int first_call = 1;
 
 /*
  * Need to hold trailing NUL (accounted for by BIO_gets() and the newline
@@ -747,7 +759,8 @@ static int get_name(BIO *bp, char **name, unsigned int 
flags)
 }
 
 /* Strip trailing garbage and standardize ending. */
-len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64);
+len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64, 
first_call);
+first_call = 0;
 
 /* Allow leading empty or non-matching lines. */
 } while (strncmp(linebuf, beginstr, BEGINLEN) != 0
@@ -819,7 +832,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO 
**data, char *name,
 }
 if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
 flags_mask &= ~PEM_FLAG_ONLY_B64;
-len = sanitize_line(linebuf, len, flags & flags_mask);
+len = sanitize_line(linebuf, len, flags & flags_mask, 0);
 
 /* Check for end of header. */
 if (linebuf[0] == '\n') {
diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t
index b8f4d722a0..0e6e419519 100644
--- a/test/recipes/04-test_pem.t
+++ b/test/recipes/04-test_pem.t
@@ -32,6 +32,7 @@ my %cert_expected = (
 "cert-256line.pem" => 1,
 "cert-257line.pem" => 1,
 "cert-blankline.pem" => 0,
+"cert-bom.pem" => 1,
 "cert-comment.pem" => 0,
 "cert-earlypad.pem" => 0,
 "cert-extrapad.pem" => 0,
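Review bot: only the positive case is covered (cert-bom.pem => 1). The comment in sanitize_line() says other BOMs are deliberately left in place so the load fails, so a second fixture starting with a UTF-16 BOM (FF FE or FE FF) with an expected value of 0 would pin that behaviour and stop a later "strip all BOMs" change from slipping through.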
diff --git a/test/recipes/04-test_pem_data/cert-blankline.pem 
b/test/recipes/04-test_pem_data/cert-bom.pem
similarity index 98%
copy from test/recipes/04-test_pem_data/cert-blankline.pem
copy to test/recipes/04-test_pem_data/cert-bom.pem
index 3f252886f6..91fbaf4024 100644
--- a/test/recipes/04-test_pem_data/cert-blankline.pem
+++ b/test/recipes/04-test_pem_data/cert-bom.pem
@@ -1,4 +1,4 @@
--BEGIN CERTIFICATE-
+-BEGIN CERTIFICATE-
 MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM
 WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs
 ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G
@@ -10,7 +10,6 @@ 
MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH
 cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l
 cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW
 VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg
-
 U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz
 MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy
 eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG
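Review bot: because a BOM is invisible in a diff, the two BEGIN CERTIFICATE lines in the first hunk look identical here and nothing tells the reader what changed; a comment in 04-test_pem.t next to `"cert-bom.pem" => 1`, or a check that the file starts with EF BB BF, would make the fixture self-explanatory. Dropping the blank line from the copied body is right: otherwise the file would fail for the blank line and never exercise the BOM path, so the copy-from cert-blankline.pem relationship shown in the header is incidental rather than meaningful.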


[openssl] master update

2019-10-11 Thread Viktor Dukhovni
The branch master has been updated
   via  e78253f2d0c1a9fe6b023d867ee02342b4560150 (commit)
  from  5b084ca0492cee7aeca63e0a50dbff7487e3ee41 (commit)


- Log -
commit e78253f2d0c1a9fe6b023d867ee02342b4560150
Author: Viktor Dukhovni 
Date:   Fri Oct 11 17:52:19 2019 -0400

Ignore empty ALPN elements in CLI args

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/lib/apps.c | 30 +-
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 65bd5a4070..73483d99f4 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1809,26 +1809,46 @@ unsigned char *next_protos_parse(size_t *outlen, const 
char *in)
 size_t len;
 unsigned char *out;
 size_t i, start = 0;
+size_t skipped = 0;
 
 len = strlen(in);
-if (len >= 65535)
+if (len == 0 || len >= 65535)
 return NULL;
 
-out = app_malloc(strlen(in) + 1, "NPN buffer");
+out = app_malloc(len + 1, "NPN buffer");
 for (i = 0; i <= len; ++i) {
 if (i == len || in[i] == ',') {
+/*
+ * Zero-length ALPN elements are invalid on the wire, we could be
+ * strict and reject the entire string, but just ignoring extra
+ * commas seems harmless and more friendly.
+ *
+ * Every comma we skip in this way puts the input buffer another
+ * byte ahead of the output buffer, so all stores into the output
+ * buffer need to be decremented by the number commas skipped.
+ */
+if (i == start) {
+++start;
+++skipped;
+continue;
+}
 if (i - start > 255) {
 OPENSSL_free(out);
 return NULL;
 }
-out[start] = (unsigned char)(i - start);
+out[start-skipped] = (unsigned char)(i - start);
 start = i + 1;
 } else {
-out[i + 1] = in[i];
+out[i + 1 - skipped] = in[i];
 }
 }
 
-*outlen = len + 1;
+if (len <= skipped) {
+OPENSSL_free(out);
+return NULL;
+}
+
+*outlen = len + 1 - skipped;
 return out;
 }
 
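Review bot: the skipping logic is correct (leading, trailing and doubled commas all hit `i == start`, and the all-commas input is caught by `len <= skipped`), but next_protos_parse() has no test in the tree and the index arithmetic in `out[start-skipped]` and `out[i + 1 - skipped]` is exactly what a table test (",h2", "h2,,http/1.1", ",,,", "", a 256-byte element) would catch; please add one. Style: `start-skipped` needs spaces around the operator, and "the number commas skipped" should be "the number of commas skipped". Also, `out` is still allocated with len + 1 bytes while only len + 1 - skipped are used, which is harmless, but the "NPN buffer" label is stale now that this buffer carries ALPN lists.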

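The hunk comment above notes that zero-length ALPN elements are invalid on the wire. The following added example, in Python rather than OpenSSL's C and not part of the project, shows the protocol_name_list encoding the CLI argument is turned into: each name is prefixed by a one-byte length and must be 1 to 255 bytes, and the whole list must fit in a 16-bit length. It encodes a comma-separated list the way the fixed code does (empty elements ignored, all-empty input rejected), keeps the pre-fix behaviour beside it for comparison, and includes a decoder that rejects what a strict peer would reject. The function names and sample inputs are this example's own.

```python
MAX_LIST_LEN = 65535   # protocol_name_list<2..2^16-1>
MAX_NAME_LEN = 255     # ProtocolName<1..2^8-1>


def alpn_encode(spec: str) -> bytes:
    """Encode "h2,http/1.1" as an ALPN protocol_name_list, ignoring empty elements."""
    if len(spec) >= MAX_LIST_LEN:
        raise ValueError("ALPN list too long")
    names = [n for n in spec.split(",") if n != ""]   # drop empty elements (the fix)
    if not names:
        raise ValueError("no non-empty ALPN protocol names given")
    out = bytearray()
    for name in names:
        raw = name.encode("utf-8")
        if len(raw) > MAX_NAME_LEN:
            raise ValueError("ALPN element longer than 255 bytes: %r" % name)
        out.append(len(raw))
        out += raw
    return bytes(out)


def alpn_encode_naive(spec: str) -> bytes:
    """Pre-fix behaviour for comparison: every delimited element is emitted, even empty ones."""
    out = bytearray()
    for name in spec.split(","):
        raw = name.encode("utf-8")
        out.append(len(raw))
        out += raw
    return bytes(out)


def alpn_decode(wire: bytes) -> list:
    """Parse a protocol_name_list strictly: zero-length names and truncation are errors."""
    names, i = [], 0
    while i < len(wire):
        n = wire[i]
        i += 1
        if n == 0:
            raise ValueError("zero-length ALPN protocol name at offset %d" % (i - 1))
        if i + n > len(wire):
            raise ValueError("truncated ALPN protocol name at offset %d" % (i - 1))
        names.append(wire[i:i + n].decode("utf-8"))
        i += n
    return names


def rejects(fn, arg) -> bool:
    """True if fn(arg) raises ValueError; used to show which inputs are refused."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    spec = "h2,,http/1.1,"
    print(spec, "->", alpn_encode(spec).hex(), "->", alpn_decode(alpn_encode(spec)))
    print("naive:", alpn_encode_naive(spec).hex(), "decodes?", not rejects(alpn_decode, alpn_encode_naive(spec)))
```

The naive encoder turns `"h2,,http/1.1,"` into a list containing two zero-length names, which the strict decoder refuses; the fixed encoder produces the same bytes as for `"h2,http/1.1"`. An input made only of commas is refused up front rather than sent as an empty list.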

[openssl] OpenSSL_1_1_1-stable update

2019-10-11 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  bc458b0dd00acf8114dee7e4ac6423288a570697 (commit)
  from  4a8392e20353fcd2b69bf4df7bf4d4edcb14605f (commit)


- Log -
commit bc458b0dd00acf8114dee7e4ac6423288a570697
Author: Viktor Dukhovni 
Date:   Fri Oct 11 17:52:19 2019 -0400

Ignore empty ALPN elements in CLI args

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/apps.c | 30 +-
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 7177c5d982..c06241abb9 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const 
char *in)
 size_t len;
 unsigned char *out;
 size_t i, start = 0;
+size_t skipped = 0;
 
 len = strlen(in);
-if (len >= 65535)
+if (len == 0 || len >= 65535)
 return NULL;
 
-out = app_malloc(strlen(in) + 1, "NPN buffer");
+out = app_malloc(len + 1, "NPN buffer");
 for (i = 0; i <= len; ++i) {
 if (i == len || in[i] == ',') {
+/*
+ * Zero-length ALPN elements are invalid on the wire, we could be
+ * strict and reject the entire string, but just ignoring extra
+ * commas seems harmless and more friendly.
+ *
+ * Every comma we skip in this way puts the input buffer another
+ * byte ahead of the output buffer, so all stores into the output
+ * buffer need to be decremented by the number commas skipped.
+ */
+if (i == start) {
+++start;
+++skipped;
+continue;
+}
 if (i - start > 255) {
 OPENSSL_free(out);
 return NULL;
 }
-out[start] = (unsigned char)(i - start);
+out[start-skipped] = (unsigned char)(i - start);
 start = i + 1;
 } else {
-out[i + 1] = in[i];
+out[i + 1 - skipped] = in[i];
 }
 }
 
-*outlen = len + 1;
+if (len <= skipped) {
+OPENSSL_free(out);
+return NULL;
+}
+
+*outlen = len + 1 - skipped;
 return out;
 }
 
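Review bot: on the stable branch this is a user-visible change and the summary shows only apps/apps.c touched, with no CHANGES line. Before the patch a trailing or doubled comma produced a zero-length element on the wire (the old `out[start] = (unsigned char)(i - start)` with `i == start` stores a 0 length byte), and an all-comma argument produced a list of empty names; afterwards the empties vanish and the all-comma case makes next_protos_parse() return NULL, which the callers presumably treat as a fatal argument error. Both deserve a sentence in CHANGES so that anyone whose scripts relied on the old lenient acceptance understands why `-alpn ","` now fails.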


[openssl] OpenSSL_1_1_1-stable update

2019-07-16 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit)
  from  cf8b3732484a7a087c1e004551e3f8c51203c69d (commit)


- Log -
commit 2b7efbd03295f8a345b63acd212e22cb5a3d19df
Author: Viktor Dukhovni 
Date:   Mon Jul 15 13:12:04 2019 -0400

Actually silently ignore GET / OCSP requests

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/ocsp.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 066a2e4..5d23918 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO 
**pcbio, BIO *acbio,
 *q = '\0';
 
 /*
- * Skip "GET / HTTP..." requests often used by load-balancers
+ * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+ * 'p' was incremented above to point to the first byte *after* the
+ * leading slash, so with 'GET / ' it is now an empty string.
  */
-if (p[1] == '\0')
+if (p[0] == '\0')
 goto out;
 
 len = urldecode(p);
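Review bot: the fix is right given the comment (p already points one past the slash, so `p[0] == '\0'` is the empty path), and the old `p[1]` test is what let a bare "GET / " fall through into urldecode() and the OCSP request parser, which is the "actually" in the subject line. The explanation of where p points would be better placed at the increment itself rather than here, since the next reader of `p[0]` has to find that code anyway. A responder test that sends `GET / HTTP/1.0` and expects no OCSP error response would have caught the original off-by-one and would pin this one.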


[openssl] master update

2019-07-16 Thread Viktor Dukhovni
The branch master has been updated
   via  5fe499cb75469fbda08d96facd13d14a402a6d44 (commit)
  from  12df11bdf11fb6a3410483b0097f032e329b4623 (commit)


- Log -
commit 5fe499cb75469fbda08d96facd13d14a402a6d44
Author: Viktor Dukhovni 
Date:   Mon Jul 15 13:12:04 2019 -0400

Actually silently ignore GET / OCSP requests

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/ocsp.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 9f2cf45..71c6a56 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1436,9 +1436,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO 
**pcbio, BIO *acbio,
 *q = '\0';
 
 /*
- * Skip "GET / HTTP..." requests often used by load-balancers
+ * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+ * 'p' was incremented above to point to the first byte *after* the
+ * leading slash, so with 'GET / ' it is now an empty string.
  */
-if (p[1] == '\0')
+if (p[0] == '\0')
 goto out;
 
 len = urldecode(p);
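Review bot: same correction as on OpenSSL_1_1_1-stable. Since this is an off-by-one that shipped in a release, a regression test under test/recipes that drives `openssl ocsp` in responder mode with a load-balancer style `GET / HTTP/1.0` probe and asserts the request is dropped silently would be cheap insurance; the comment alone will not stop the next refactor from reintroducing `p[1]`.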


[openssl-commits] [openssl] master update

2019-01-07 Thread Viktor Dukhovni
The branch master has been updated
   via  df1f538f28c10f2954757164b17781040d2355ef (commit)
   via  b2f16a2271c40faed168c8bd89b562919a18cb3f (commit)
  from  9effc496ad8a9b0ec737c69cc0fddf610a045ea4 (commit)


- Log -
commit df1f538f28c10f2954757164b17781040d2355ef
Author: Viktor Dukhovni 
Date:   Tue Jan 1 02:53:24 2019 -0500

More configurable crypto and ssl library initialization

1.  In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
processing fails.  But, applications that want to be strict
about initialization errors can now make explicit flag
choices via non-null OPENSSL_INIT_SETTINGS that omit the
CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with INIT_BASE_ONLY.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7986)

commit b2f16a2271c40faed168c8bd89b562919a18cb3f
Author: Viktor Dukhovni 
Date:   Tue Jan 1 19:19:43 2019 -0500

Update generator copyright year.

Some Travis builds appear to fail because generated objects get
2019 copyrights now, and the diff complains.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7986)

---

Summary of changes:
 crypto/asn1/charmap.pl  |  2 +-
 crypto/bn/bn_prime.pl   |  2 +-
 crypto/conf/conf_lib.c  | 26 +
 crypto/conf/conf_mod.c  |  3 +++
 crypto/conf/conf_sap.c  | 23 +-
 crypto/conf/keysets.pl  |  2 +-
 crypto/err/err.c| 12 
 crypto/init.c   | 38 +
 crypto/objects/obj_dat.pl   |  2 +-
 crypto/objects/objects.pl   |  2 +-
 crypto/objects/objxref.pl   |  2 +-
 doc/man3/CONF_modules_load_file.pod | 10 +-
 doc/man3/OPENSSL_init_crypto.pod| 37 +---
 include/internal/conf.h |  9 -
 include/openssl/crypto.h|  6 +-
 ssl/ssl_init.c  | 13 +++--
 util/libcrypto.num  |  2 ++
 17 files changed, 148 insertions(+), 43 deletions(-)

diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 20f05fc..d29a21b 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
index fb54810..76df3fc 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 860ac67..606563a 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 
 if (ret != NULL)
 memset(ret, 0, sizeof(*ret));
+ret->flags = DEFAULT_CONF_MFLAGS;
+
 return ret;
 }
 
 
 #ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *filename)
+{
+char *newfilename = NULL;
+
+if (filename != NULL) {
+newfilename = strdup(filename);
+if (newfilename == NULL)
+return 0;
+}
+
+free(settings->filename);
+settings->filename = newfilename;
+
+return 1;
+}
+
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+unsigned long flags)
+{
+settings->flags = flags;
+}
+
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
 const char *appname)
 {
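Review bot: in OPENSSL_INIT_new() the new line `ret->flags = DEFAULT_CONF_MFLAGS;` executes even when `ret == NULL`; only the memset() sits under `if (ret != NULL)`, so an allocation failure now dereferences NULL instead of returning NULL to the caller. Put the assignment under the same guard, or restructure as an early `if (ret == NULL) return NULL;` followed by the memset and the flags default. Minor: OPENSSL_INIT_set_config_file_flags() is the only setter in this hunk that returns void; an int return like OPENSSL_INIT_set_config_filename() and OPENSSL_INIT_set_config_appname() would let callers check all three the same way.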
@@ -383,6 +408,7 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_I

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2019-01-07 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  25eb9299cec4404a4cdf3167056bd147af2582f3 (commit)
   via  1bfd76b3afa0abc275e9a60ee0ea7b22c4fb842a (commit)
  from  d3b574fee1c4ad887a219fadb1674349ae0ce4b7 (commit)


- Log -
commit 25eb9299cec4404a4cdf3167056bd147af2582f3
Author: Viktor Dukhovni 
Date:   Tue Jan 1 02:53:24 2019 -0500

More configurable crypto and ssl library initialization

1.  In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
processing fails.  But, applications that want to be
strict about initialization errors can now make explicit
flag choices via non-null OPENSSL_INIT_SETTINGS that omit
the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far
been both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with opts equal to
OPENSSL_INIT_BASE_ONLY (this flag should only be used alone).

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7969)

commit 1bfd76b3afa0abc275e9a60ee0ea7b22c4fb842a
Author: Viktor Dukhovni 
Date:   Tue Jan 1 19:19:43 2019 -0500

Update generator copyright year.

Some Travis builds appear to fail because generated objects get
2019 copyrights now, and the diff complains.

Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/7969)

---

Summary of changes:
 crypto/asn1/charmap.pl  |  2 +-
 crypto/bn/bn_prime.pl   |  2 +-
 crypto/conf/conf_lib.c  | 26 ++
 crypto/conf/conf_mod.c  |  3 +++
 crypto/conf/conf_sap.c  | 23 ++-
 crypto/conf/keysets.pl  |  2 +-
 crypto/err/err.c| 12 
 crypto/init.c   | 37 +
 crypto/objects/obj_dat.pl   |  2 +-
 crypto/objects/objects.pl   |  2 +-
 crypto/objects/objxref.pl   |  2 +-
 doc/man3/CONF_modules_load_file.pod | 10 +-
 doc/man3/OPENSSL_init_crypto.pod| 37 ++---
 include/internal/conf.h |  9 -
 include/openssl/crypto.h|  6 +-
 ssl/ssl_init.c  | 11 ++-
 util/libcrypto.num  |  2 ++
 17 files changed, 146 insertions(+), 42 deletions(-)

diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index fbab1f3..dadd8df 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
index eeca475..b0b1608 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 07110d8..4ae7bd2 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 
 if (ret != NULL)
 memset(ret, 0, sizeof(*ret));
+ret->flags = DEFAULT_CONF_MFLAGS;
+
 return ret;
 }
 
 
 #ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *filename)
+{
+char *newfilename = NULL;
+
+if (filename != NULL) {
+newfilename = strdup(filename);
+if (newfilename == NULL)
+return 0;
+}
+
+free(settings->filename);
+settings->filename = newfilename;
+
+return 1;
+}
+
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+unsigned long flags)
+{
+settings->flags = flags;
+}
+
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
 const char *app
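Review bot: this backport carries the same unguarded dereference as the master hunk: `ret->flags = DEFAULT_CONF_MFLAGS;` runs when `ret == NULL`, because only the memset() is inside `if (ret != NULL)`, so OPENSSL_INIT_new() crashes on allocation failure instead of returning NULL. Guard the assignment too (or return early on NULL) before this reaches a stable release; the void return of OPENSSL_INIT_set_config_file_flags() next to the int-returning sibling setters is also worth aligning while the API is new.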

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-12-20 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  ea7d2c5808f4711edfdd25a7a4e2e39f8ee3de62 (commit)
  from  bb157fd142ab3eced6051a32d8207de8a79c2fbe (commit)


- Log -
commit ea7d2c5808f4711edfdd25a7a4e2e39f8ee3de62
Author: Ken Goldman 
Date:   Fri Dec 14 15:04:04 2018 -0500

Admit unknown pkey types at security level 0

The check_key_level() function currently fails when the public key
cannot be extracted from the certificate because its algorithm is not
supported.  However, the public key is not needed for the last
certificate in the chain.

This change moves the check for level 0 before the check for a
non-NULL public key.

For background, this is the TPM 1.2 endorsement key certificate.
I.e., this is a real application with millions of certificates issued.
The key is an RSA-2048 key.

The TCG (for a while) specified

 Public Key Algorithm: rsaesOaep

rather than the commonly used

 Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7906)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 61e8192..4ced716 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 
*cert)
 EVP_PKEY *pkey = X509_get0_pubkey(cert);
 int level = ctx->param->auth_level;
 
+/*
+ * At security level zero, return without checking for a supported public
+ * key type.  Some engines support key types not understood outside the
+ * engine, and we only need to understand the key when enforcing a security
+ * floor.
+ */
+if (level <= 0)
+return 1;
+
 /* Unsupported or malformed keys are not secure */
 if (pkey == NULL)
 return 0;
 
-if (level <= 0)
-return 1;
 if (level > NUM_AUTH_LEVELS)
 level = NUM_AUTH_LEVELS;
 
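Review bot: the early `if (level <= 0) return 1;` applies to every certificate that check_key_level() is called for, not only to the last one in the chain that the commit message reasons from; nothing in this hunk narrows it by depth, so at level 0 an intermediate whose key type cannot be parsed also passes this check. If that is intended, the new comment should say so plainly ("at level 0 the key is not inspected at all") rather than argue only from the leaf; if not, the return needs a depth condition. Minor: `pkey` is now fetched before the level test and discarded on the early return, so the X509_get0_pubkey() call could move below it.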
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2018-12-19 Thread Viktor Dukhovni
The branch master has been updated
   via  baba1545105131fa34068f62928322e99d695ab1 (commit)
  from  6f8b858d054c4eb1112531e39da9ceb5fa37e5f1 (commit)


- Log -
commit baba1545105131fa34068f62928322e99d695ab1
Author: Ken Goldman 
Date:   Fri Dec 14 15:04:04 2018 -0500

Admit unknown pkey types at security level 0

The check_key_level() function currently fails when the public key
cannot be extracted from the certificate because its algorithm is not
supported.  However, the public key is not needed for the last
certificate in the chain.

This change moves the check for level 0 before the check for a
non-NULL public key.

For background, this is the TPM 1.2 endorsement key certificate.
I.e., this is a real application with millions of certificates issued.
The key is an RSA-2048 key.

The TCG (for a while) specified

 Public Key Algorithm: rsaesOaep

rather than the commonly used

 Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.

Reviewed-by: Viktor Dukhovni 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7906)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 95a95c6..bbf61d4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 
*cert)
 EVP_PKEY *pkey = X509_get0_pubkey(cert);
 int level = ctx->param->auth_level;
 
+/*
+ * At security level zero, return without checking for a supported public
+ * key type.  Some engines support key types not understood outside the
+ * engine, and we only need to understand the key when enforcing a security
+ * floor.
+ */
+if (level <= 0)
+return 1;
+
 /* Unsupported or malformed keys are not secure */
 if (pkey == NULL)
 return 0;
 
-if (level <= 0)
-return 1;
 if (level > NUM_AUTH_LEVELS)
 level = NUM_AUTH_LEVELS;
 
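Review bot: the level-0 return is unconditional on chain position, so the relaxation covers intermediates as well as the leaf the commit message describes; either the comment should state that at level 0 no key in the chain is inspected here, or the return should be limited by depth. The `pkey` lookup could also be moved after the level test, since its result is unused on the early return.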

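Why the TPM 1.2 endorsement-key certificate falls through check_key_level(), worked through as an added example (not OpenSSL code) in plain C with no libcrypto dependency. A SubjectPublicKeyInfo names its key algorithm by OID; rsaesOaep (1.2.840.113549.1.1.7) is not one that OpenSSL's X.509 parser turns into an EVP_PKEY, so X509_get0_pubkey() is NULL for such a certificate even though the key inside is an ordinary RSA-2048 modulus. The block parses just enough DER to classify a key and size its RSA modulus, then applies the post-fix ordering: level 0 first, then the NULL-key rejection, then the per-level security floor (OpenSSL compares EVP_PKEY_security_bits() against 80/112/128/192/256 bits for levels 1 to 5; for RSA that is the modulus floor used below). The sample SPKIs are constructed in the block; the rsaesOaep one carries an empty RSAES-OAEP-params SEQUENCE, which is an assumption about how the TCG profile encoded it.

```c
/* Added example, not OpenSSL project code: check_key_level() after the fix,
 * applied to a SubjectPublicKeyInfo parsed here without libcrypto. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *p; size_t len; } der_t;

/* Consume one TLV of the expected tag from *in; *body gets its contents. */
static int der_tlv(der_t *in, uint8_t tag, der_t *body)
{
    size_t hdr = 2, len;

    if (in->len < 2 || in->p[0] != tag)
        return 0;
    if (in->p[1] < 0x80)
        len = in->p[1];
    else if (in->p[1] == 0x81 && in->len >= 3)
        len = in->p[2], hdr = 3;
    else if (in->p[1] == 0x82 && in->len >= 4)
        len = ((size_t)in->p[2] << 8) | in->p[3], hdr = 4;
    else
        return 0;                   /* longer length forms not needed here */
    if (in->len - hdr < len)
        return 0;
    body->p = in->p + hdr, body->len = len;
    in->p += hdr + len, in->len -= hdr + len;
    return 1;
}

/* DER of 1.2.840.113549.1.1.1 (rsaEncryption); rsaesOaep ends in 0x07 instead */
static const uint8_t OID_rsaEncryption[] =
    { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };

/* 0 = malformed DER.  Otherwise *nbits is the RSA modulus size, or 0 when the
 * algorithm is not rsaEncryption: the rsaesOaep case, where OpenSSL builds no
 * EVP_PKEY and X509_get0_pubkey() hands check_key_level() a NULL. */
static int spki_modulus_bits(const uint8_t *der, size_t len, unsigned *nbits)
{
    der_t in = { der, len }, spki, algid, oid, bits, rsa, mod;

    *nbits = 0;
    if (!der_tlv(&in, 0x30, &spki) || !der_tlv(&spki, 0x30, &algid)
        || !der_tlv(&algid, 0x06, &oid) || !der_tlv(&spki, 0x03, &bits))
        return 0;
    if (oid.len != sizeof(OID_rsaEncryption)
        || memcmp(oid.p, OID_rsaEncryption, oid.len) != 0)
        return 1;                   /* well-formed, unsupported key type */
    if (bits.len < 1)
        return 0;
    bits.p++, bits.len--;           /* unused-bits octet, then RSAPublicKey */
    if (!der_tlv(&bits, 0x30, &rsa) || !der_tlv(&rsa, 0x02, &mod))
        return 0;
    if (mod.len > 1 && mod.p[0] == 0x00)
        mod.p++, mod.len--;         /* DER INTEGER sign padding */
    if (mod.len == 0)
        return 0;
    *nbits = (unsigned)(mod.len * 8);
    for (uint8_t top = mod.p[0]; (top & 0x80) == 0; top <<= 1)
        (*nbits)--;
    return 1;
}

/* check_key_level() as reordered by the fix: the level-0 return now precedes
 * the "unsupported or malformed" rejection, so an rsaesOaep key is accepted at
 * level 0 and refused above it.  OpenSSL compares EVP_PKEY_security_bits()
 * with {80,112,128,192,256}; for RSA that is the modulus floor below. */
int check_key_level(const uint8_t *spki, size_t len, int level)
{
    static const unsigned min_modulus[] = { 0, 1024, 2048, 3072, 7680, 15360 };
    unsigned nbits;

    if (level <= 0)
        return 1;
    if (!spki_modulus_bits(spki, len, &nbits) || nbits == 0)
        return 0;
    return nbits >= min_modulus[level > 5 ? 5 : level];
}

/* Constructed 2048-bit sample, not a real key.  Layout:
 * SEQUENCE(290) { AlgorithmIdentifier(15), BIT STRING(271) { 0x00,
 *   SEQUENCE(266) { INTEGER(257) n, INTEGER(3) e = 65537 } } }
 * oaep = 1 swaps in rsaesOaep with an empty RSAES-OAEP-params SEQUENCE
 * (assumed to be how the TCG profile encoded it) for rsaEncryption/NULL. */
static size_t sample_spki(uint8_t out[294], int oaep)
{
    static const uint8_t head[] = { 0x30, 0x82, 0x01, 0x22 };
    static const uint8_t alg_rsa[] = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
                                       0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
    static const uint8_t alg_oaep[] = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
                                        0x86, 0xF7, 0x0D, 0x01, 0x01, 0x07, 0x30, 0x00 };
    static const uint8_t key_hdr[] = { 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82,
                                       0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00 };
    static const uint8_t e_tlv[] = { 0x02, 0x03, 0x01, 0x00, 0x01 };
    uint8_t *p = out;

    memcpy(p, head, sizeof(head)), p += sizeof(head);
    memcpy(p, oaep ? alg_oaep : alg_rsa, 15), p += 15;
    memcpy(p, key_hdr, sizeof(key_hdr)), p += sizeof(key_hdr);
    memset(p, 0xA5, 256), p[0] = 0xC3, p += 256;    /* modulus, top bit set */
    memcpy(p, e_tlv, sizeof(e_tlv)), p += sizeof(e_tlv);
    return (size_t)(p - out);
}

/* Verdict for the sample key (oaep = 1 is the TPM 1.2 EK shape) at a level */
int sample_key_level(int oaep, int level)
{
    uint8_t buf[294];
    return check_key_level(buf, sample_spki(buf, oaep), level);
}
```

With a real certificate the same classification is visible from `openssl x509 -in ek.pem -noout -text`, whose "Public Key Algorithm" line reads rsaesOaep for such an EK certificate. Verifying it then needs level 0 requested explicitly (`openssl verify -auth_level 0 ...`, or X509_VERIFY_PARAM_set_auth_level(param, 0) in code); a TLS context defaults to level 1, where this fix changes nothing.
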

[openssl-commits] [openssl] master update

2018-12-09 Thread Viktor Dukhovni
The branch master has been updated
   via  1057c2c39f5df45c36c0fc4d78dc9d3b91f78bc6 (commit)
   via  9b340281873643d2b8a33047dc8bfa607f7e0c3c (commit)
   via  73ff6d6847b1bbabe4ae052a3bde1f37c78aecb4 (commit)
   via  ec91206fbe5e14731f9c9fa0b3dd859854d3e8b9 (commit)
   via  5db120dc351177173bb25e963be095404c31fbce (commit)
   via  bda1f0c0d6987232f1f8ca2a72755ac62a99fc4c (commit)
   via  d8adf68cd6b7c934f12e7db14ddfc33b8cdd5797 (commit)
   via  8343229bc4b8ac04e3a15d0645c453da84cab8d8 (commit)
   via  82f518acee36754cb6f64d39ba926b32daae2534 (commit)
   via  706a8af01556334dd250b6d252536e78fa8f9063 (commit)
   via  15f77f2cae7f845811fbeabafe620a3b1d6315d8 (commit)
   via  4b6ae3c3c2ce37a766049491af8e8b2426b1a46f (commit)
   via  f53537b1fabdb38baf43e930b9c546ffb50a86cf (commit)
  from  91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4 (commit)


- Log -
commit 1057c2c39f5df45c36c0fc4d78dc9d3b91f78bc6
Author: Viktor Dukhovni 
Date:   Sun Dec 9 18:37:56 2018 -0500

Cleaner disposal of ephemeral engine ids and names

Engine names and ids are typically static strings.  If an application
actually dynamically allocated these, the application owns the
storage, and should dispose of it via the original handle, rather
than the "const char *" returned by the engine.

In any case, this resolves the test code issue without resort to
"unconst" macros/casts.

Reviewed-by: Richard Levitte 

commit 9b340281873643d2b8a33047dc8bfa607f7e0c3c
Author: Viktor Dukhovni 
Date:   Sun Dec 9 18:37:26 2018 -0500

Eliminate NOP cast

Reviewed-by: Richard Levitte 

commit 73ff6d6847b1bbabe4ae052a3bde1f37c78aecb4
Author: Christos Zoulas 
Date:   Mon Oct 1 19:09:16 2018 -0400

change into hex string constants to avoid overflow warnings

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit ec91206fbe5e14731f9c9fa0b3dd859854d3e8b9
Author: Christos Zoulas 
Date:   Sun Sep 30 17:16:07 2018 -0400

Add a format attribute to the format functions and fix the broken format
strings.

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit 5db120dc351177173bb25e963be095404c31fbce
Author: Christos Zoulas 
Date:   Sun Sep 30 16:59:46 2018 -0400

Fix const issues

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit bda1f0c0d6987232f1f8ca2a72755ac62a99fc4c
Author: Christos Zoulas 
Date:   Sun Sep 30 16:57:56 2018 -0400

Avoid const castaway warning

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit d8adf68cd6b7c934f12e7db14ddfc33b8cdd5797
Author: Christos Zoulas 
Date:   Sun Sep 30 16:57:14 2018 -0400

Use a const variable

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit 8343229bc4b8ac04e3a15d0645c453da84cab8d8
Author: Christos Zoulas 
Date:   Sun Sep 30 16:56:49 2018 -0400

Use the proper const cast

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit 82f518acee36754cb6f64d39ba926b32daae2534
Author: Christos Zoulas 
Date:   Sun Sep 30 16:56:14 2018 -0400

don't pass const string where a modifiable string is expected

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit 706a8af01556334dd250b6d252536e78fa8f9063
Author: Christos Zoulas 
Date:   Sun Sep 30 16:55:05 2018 -0400

add missing "void" in prototype.

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit 15f77f2cae7f845811fbeabafe620a3b1d6315d8
Author: Christos Zoulas 
Date:   Sun Sep 30 16:54:25 2018 -0400

add missing const in cast

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit 4b6ae3c3c2ce37a766049491af8e8b2426b1a46f
Author: Christos Zoulas 
Date:   Sun Sep 30 16:53:22 2018 -0400

add missing const

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

commit f53537b1fabdb38baf43e930b9c546ffb50a86cf
Author: Christos Zoulas 
Date:   Sun Sep 30 16:52:44 2018 -0400

use the proper types to eliminate casts

Reviewed-by: Richard Levitte 
Reviewed-by: Viktor Dukhovni 

---

Summary of changes:
 test/destest.c|  2 +-
 test/enginetest.c | 15 +++---
 test/hmactest.c   | 46 ---
 test/ideatest.c   |  4 ++--
 test/testutil/driver.c|  2 +-
 test/testutil/format_output.c | 23 +++---
 test/testutil/main.c  |  2 +-
 test/testutil/output.h| 34 +++-
 test/testutil/stanza.c|  3 ++-
 test/testutil/tap_bio.c   |  3 ++-
 test/testutil/tests.c |  2 +-
 11 files changed, 80 insertions(+

[openssl-commits] [openssl] master update

2018-11-12 Thread Viktor Dukhovni
The branch master has been updated
   via  a51c9f637cdef7926d8a8991365e4b58975346db (commit)
  from  6e68dae85a8f91944370125561c7ec0d5da46c20 (commit)


- Log -
commit a51c9f637cdef7926d8a8991365e4b58975346db
Author: Viktor Dukhovni 
Date:   Sat Nov 10 01:53:56 2018 -0500

Added missing signature algorithm reflection functions

SSL_get_signature_nid()  -- local signature algorithm
SSL_get_signature_type_nid() -- local signature algorithm key type
SSL_get_peer_tmp_key()   -- Peer key-exchange public key
SSL_get_tmp_key  -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/s_cb.c|  3 ++-
 doc/man3/SSL_get_peer_signature_nid.pod| 12 ---
 ...server_tmp_key.pod => SSL_get_peer_tmp_key.pod} | 22 ++--
 include/openssl/ssl.h  | 18 +---
 include/openssl/tls1.h |  1 +
 ssl/s3_lib.c   | 24 --
 ssl/t1_lib.c   |  8 
 test/handshake_helper.c|  2 +-
 test/ssltest_old.c |  2 +-
 util/libssl.num|  1 +
 util/private.num   |  3 +++
 11 files changed, 79 insertions(+), 17 deletions(-)
 rename doc/man3/{SSL_get_server_tmp_key.pod => SSL_get_peer_tmp_key.pod} (50%)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 46b3864..2d4568f 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
 int ssl_print_tmp_key(BIO *out, SSL *s)
 {
 EVP_PKEY *key;
-if (!SSL_get_server_tmp_key(s, ))
+
+if (!SSL_get_peer_tmp_key(s, ))
 return 1;
 BIO_puts(out, "Server Temp Key: ");
 switch (EVP_PKEY_id(key)) {
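Review bot: the label `BIO_puts(out, "Server Temp Key: ");` right after the changed call is now wrong on one side: SSL_get_peer_tmp_key() returns the peer's key on either end of the connection, so if ssl_print_tmp_key() is ever invoked from the server side it will print the client's key-exchange key under a "Server Temp Key" heading. Pick the label from SSL_is_server(s) ("Peer Temp Key" or similar for the server case), or keep SSL_get_server_tmp_key() here if this helper is meant to stay client-only.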
diff --git a/doc/man3/SSL_get_peer_signature_nid.pod 
b/doc/man3/SSL_get_peer_signature_nid.pod
index ce6ab61..dbca8cf 100644
--- a/doc/man3/SSL_get_peer_signature_nid.pod
+++ b/doc/man3/SSL_get_peer_signature_nid.pod
@@ -2,8 +2,9 @@
 
 =head1 NAME
 
-SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS
-message signing types
+SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid,
+SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing
+types
 
 =head1 SYNOPSIS
 
@@ -11,6 +12,8 @@ message signing types
 
  int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
  int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+ int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
+ int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
 
 =head1 DESCRIPTION
 
@@ -24,12 +27,15 @@ where it is B. To differentiate between
 B and B signatures, it's necessary to check
 the type of public key in the peer's certificate.
 
+SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent
+information for the local end of the connection.
+
 =head1 RETURN VALUES
 
 These functions return 1 for success and 0 for failure. There are several
 possible reasons for failure: the cipher suite has no signature (e.g. it
 uses RSA key exchange or is anonymous), the TLS version is below 1.2 or
-the functions were called before the peer signed a message.
+the functions were called too early, e.g. before the peer signed a message.
 
 =head1 SEE ALSO
 
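Review bot: the RETURN VALUES paragraph now covers four functions, but its list of failure causes still reads from the peer's side only ("before the peer signed a message"); for SSL_get_signature_nid() and SSL_get_signature_type_nid() the early-call failure is the local end not having signed a handshake message yet. Spell out both cases, e.g. "before the peer (or, for the local variants, this end) has signed a handshake message", so the new functions are documented on their own terms rather than by analogy.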
diff --git a/doc/man3/SSL_get_server_tmp_key.pod 
b/doc/man3/SSL_get_peer_tmp_key.pod
similarity index 50%
rename from doc/man3/SSL_get_server_tmp_key.pod
rename to doc/man3/SSL_get_peer_tmp_key.pod
index fda891b..23006b3 100644
--- a/doc/man3/SSL_get_server_tmp_key.pod
+++ b/doc/man3/SSL_get_peer_tmp_key.pod
@@ -2,26 +2,36 @@
 
 =head1 NAME
 
-SSL_get_server_tmp_key - get information about the server's temporary key used
-during a handshake
+SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information
+about temporary keys used during a handshake
 
 =head1 SYNOPSIS
 
  #include 
 
+ long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
  long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
+ long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
 
 =head1 DESCRIPTION
 
-SSL_get_server_tmp_key() returns the temporary key provided by the server and
+SSL_get_peer_tmp_key() returns the temporary key provided by the peer and
 used during key exchange. For example, if ECDHE is in use, then this represents
-the server's public ECDHE key. On success a pointer to the key is stored in
+the peer's public ECDHE key. On success a pointer to the key is s
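Review bot: the SYNOPSIS adds `long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);` and keeps SSL_get_server_tmp_key(), but the DESCRIPTION visible here only rewrites the peer sentence. SSL_get_tmp_key() (the local key-exchange key) and the fact that SSL_get_server_tmp_key() is now a compatibility alias of SSL_get_peer_tmp_key() each need a sentence of their own, and ownership of the EVP_PKEY returned through *key should be stated the same way for the local and the peer variants.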

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-11-12 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  45f247258a87b73e76f95631e0f4aa22298fd19c (commit)
  from  44197e961a66b8a2eda2a66857c8aa0c5059459c (commit)


- Log -
commit 45f247258a87b73e76f95631e0f4aa22298fd19c
Author: Viktor Dukhovni 
Date:   Sat Nov 10 01:53:56 2018 -0500

Added missing signature algorithm reflection functions

SSL_get_signature_nid()  -- local signature algorithm
SSL_get_signature_type_nid() -- local signature algorithm key type
SSL_get_peer_tmp_key()   -- Peer key-exchange public key
SSL_get_tmp_key  -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 apps/s_cb.c|  3 ++-
 doc/man3/SSL_get_peer_signature_nid.pod| 12 ---
 ...server_tmp_key.pod => SSL_get_peer_tmp_key.pod} | 22 ++--
 include/openssl/ssl.h  | 18 +---
 include/openssl/tls1.h |  1 +
 ssl/s3_lib.c   | 24 --
 ssl/t1_lib.c   |  8 
 test/handshake_helper.c|  2 +-
 test/ssltest_old.c |  2 +-
 util/libssl.num|  1 +
 util/private.num   |  3 +++
 11 files changed, 79 insertions(+), 17 deletions(-)
 rename doc/man3/{SSL_get_server_tmp_key.pod => SSL_get_peer_tmp_key.pod} (50%)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 46b3864..2d4568f 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
 int ssl_print_tmp_key(BIO *out, SSL *s)
 {
 EVP_PKEY *key;
-if (!SSL_get_server_tmp_key(s, ))
+
+if (!SSL_get_peer_tmp_key(s, ))
 return 1;
 BIO_puts(out, "Server Temp Key: ");
 switch (EVP_PKEY_id(key)) {
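Review bot: with the call switched to SSL_get_peer_tmp_key(), the unchanged `BIO_puts(out, "Server Temp Key: ");` on the next line misdescribes the output whenever ssl_print_tmp_key() runs on the server side, where the peer key is the client's. Derive the label from SSL_is_server(s), or retain SSL_get_server_tmp_key() in this helper if it is only ever called by s_client.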
diff --git a/doc/man3/SSL_get_peer_signature_nid.pod 
b/doc/man3/SSL_get_peer_signature_nid.pod
index ce6ab61..dbca8cf 100644
--- a/doc/man3/SSL_get_peer_signature_nid.pod
+++ b/doc/man3/SSL_get_peer_signature_nid.pod
@@ -2,8 +2,9 @@
 
 =head1 NAME
 
-SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS
-message signing types
+SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid,
+SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing
+types
 
 =head1 SYNOPSIS
 
@@ -11,6 +12,8 @@ message signing types
 
  int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
  int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+ int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
+ int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
 
 =head1 DESCRIPTION
 
@@ -24,12 +27,15 @@ where it is B. To differentiate between
 B and B signatures, it's necessary to check
 the type of public key in the peer's certificate.
 
+SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent
+information for the local end of the connection.
+
 =head1 RETURN VALUES
 
 These functions return 1 for success and 0 for failure. There are several
 possible reasons for failure: the cipher suite has no signature (e.g. it
 uses RSA key exchange or is anonymous), the TLS version is below 1.2 or
-the functions were called before the peer signed a message.
+the functions were called too early, e.g. before the peer signed a message.
 
 =head1 SEE ALSO
 
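Review bot: for the two local-side functions added to this page, "called too early, e.g. before the peer signed a message" is the wrong condition; SSL_get_signature_nid() and SSL_get_signature_type_nid() fail until the local end has signed a handshake message. The RETURN VALUES text should name the local case alongside the peer case instead of leaving it to the reader to translate.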
diff --git a/doc/man3/SSL_get_server_tmp_key.pod 
b/doc/man3/SSL_get_peer_tmp_key.pod
similarity index 50%
rename from doc/man3/SSL_get_server_tmp_key.pod
rename to doc/man3/SSL_get_peer_tmp_key.pod
index fda891b..23006b3 100644
--- a/doc/man3/SSL_get_server_tmp_key.pod
+++ b/doc/man3/SSL_get_peer_tmp_key.pod
@@ -2,26 +2,36 @@
 
 =head1 NAME
 
-SSL_get_server_tmp_key - get information about the server's temporary key used
-during a handshake
+SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information
+about temporary keys used during a handshake
 
 =head1 SYNOPSIS
 
  #include 
 
+ long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
  long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
+ long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
 
 =head1 DESCRIPTION
 
-SSL_get_server_tmp_key() returns the temporary key provided by the server and
+SSL_get_peer_tmp_key() returns the temporary key provided by the peer and
 used during key exchange. For example, if ECDHE is in use, then this represents
-the server's public ECDHE key. On success a pointer to the key is stored in
+the peer's public ECDHE key. On success a pointer to the key is s
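Review bot: SSL_get_tmp_key() enters the SYNOPSIS here without a matching DESCRIPTION sentence in the visible part of this hunk, and nothing yet tells the reader that SSL_get_server_tmp_key() has become an alias of SSL_get_peer_tmp_key(); both belong in the DESCRIPTION, together with a clear statement of who frees the EVP_PKEY returned through *key for the local variant as well as the peer one.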

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-10-17 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  35cf781c20b65e51c6d0d3e9a199e74534b60b4a (commit)
   via  c8ce9e50d50af58d878d81522a3d592c00a17ba0 (commit)
  from  b1016c96dbb7a8d9b724f34656e0b2aae9e54cfe (commit)


- Log -
commit 35cf781c20b65e51c6d0d3e9a199e74534b60b4a
Author: Viktor Dukhovni 
Date:   Mon Oct 8 12:05:14 2018 -0400

Apply self-imposed path length also to root CAs

Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf).  Therefore, never count the EE
cert, and adjust the path length comparison accordingly.  This may
be more clear to the reader.

Reviewed-by: Matt Caswell 
(cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)

commit c8ce9e50d50af58d878d81522a3d592c00a17ba0
Author: Viktor Dukhovni 
Date:   Thu Oct 4 23:53:01 2018 -0400

Only CA certificates can be self-issued

At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:

   This specification covers two classes of certificates: CA
   certificates and end entity certificates.  CA certificates may be
   further divided into three classes: cross-certificates, self-issued
   certificates, and self-signed certificates.  Cross-certificates are
   CA certificates in which the issuer and subject are different
   entities.  Cross-certificates describe a trust relationship between
   the two CAs.  Self-issued certificates are CA certificates in which
   the issuer and subject are the same entity.  Self-issued certificates
   are generated to support changes in policy or operations.  Self-
   signed certificates are self-issued certificates where the digital
   signature may be verified by the public key bound into the
   certificate.  Self-signed certificates are used to convey a public
   key for use to begin certification paths.  End entity certificates
   are issued to subjects that are not authorized to issue certificates.

that the term "self-issued" is only applicable to CAs, not end-entity
certificates.  In https://tools.ietf.org/html/rfc5280#section-4.2.1.9
the description of path length constraints says:

   The pathLenConstraint field is meaningful only if the cA boolean is
   asserted and the key usage extension, if present, asserts the
   keyCertSign bit (Section 4.2.1.3).  In this case, it gives the
   maximum number of non-self-issued intermediate certificates that may
   follow this certificate in a valid certification path.  (Note: The
   last certificate in the certification path is not an intermediate
   certificate, and is not included in this limit.  Usually, the last
   certificate is an end entity certificate, but it can be a CA
   certificate.)

This makes it clear that exclusion of self-issued certificates from
the path length count applies only to some *intermediate* CA
certificates.  A leaf certificate whether it has identical issuer
and subject or whether it is a CA or not is never part of the
intermediate certificate count.  The handling of all leaf certificates
must be the same, in the case of our code to post-increment the
path count by 1, so that we ultimately reach a non-self-issued
intermediate it will be the first one (not zeroth) in the chain
of intermediates.

Reviewed-by: Matt Caswell 
(cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 749768e..da778d4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -694,10 +694,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 goto end;
 }
 }
-/* Check pathlen if not self issued */
-if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-&& (x->ex_pathlen != -1)
-&& (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+/* Check pathlen */
+if ((i > 1) && (x->ex_pathlen != -1)
+&& (plen > (x->ex_pathlen + proxy_path_length))) {
 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
 ctx->error_depth = i;
 ctx->current_cert = x;
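Review bot: the check now runs for self-issued certificates too and compares `plen` without the `+ 1`, which is only correct together with a matching change to the increment below (the leaf no longer counted, self-issued intermediates still skipped) that lies outside the visible part of this hunk; the two halves need reviewing as one unit. The new comment `/* Check pathlen */` should also state the behaviour change that the commit title names only in part: self-issued CAs, the root included, are now held to their own pathLenConstraint. No test accompanies this tightening on a stable branch (the summary lists only crypto/x509/x509_vfy.c); a chain whose root asserts pathlen 0 above one intermediate, previously accepted and now failing with X509_V_ERR_PATH_LENGTH_EXCEEDED, would be a cheap regression test.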
@@ -705,8 +704,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 if (!ok)
 goto end;
 }
-/* Increment path l

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-10-17 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  d46f9173bbd62ffa7ae0b20bf05c600e14722cc6 (commit)
   via  cc54a2a0f5a2455205ee236bb44458cc39366065 (commit)
  from  a76a41655e57b72b30a373aae6e75afedf920076 (commit)


- Log -
commit d46f9173bbd62ffa7ae0b20bf05c600e14722cc6
Author: Viktor Dukhovni 
Date:   Mon Oct 8 12:05:14 2018 -0400

Apply self-imposed path length also to root CAs

Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf).  Therefore, never count the EE
cert, and adjust the path length comparison accordingly.  This may
be more clear to the reader.

Reviewed-by: Matt Caswell 
(cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)

commit cc54a2a0f5a2455205ee236bb44458cc39366065
Author: Viktor Dukhovni 
Date:   Thu Oct 4 23:53:01 2018 -0400

Only CA certificates can be self-issued

At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:

   This specification covers two classes of certificates: CA
   certificates and end entity certificates.  CA certificates may be
   further divided into three classes: cross-certificates, self-issued
   certificates, and self-signed certificates.  Cross-certificates are
   CA certificates in which the issuer and subject are different
   entities.  Cross-certificates describe a trust relationship between
   the two CAs.  Self-issued certificates are CA certificates in which
   the issuer and subject are the same entity.  Self-issued certificates
   are generated to support changes in policy or operations.  Self-
   signed certificates are self-issued certificates where the digital
   signature may be verified by the public key bound into the
   certificate.  Self-signed certificates are used to convey a public
   key for use to begin certification paths.  End entity certificates
   are issued to subjects that are not authorized to issue certificates.

that the term "self-issued" is only applicable to CAs, not end-entity
certificates.  In https://tools.ietf.org/html/rfc5280#section-4.2.1.9
the description of path length constraints says:

   The pathLenConstraint field is meaningful only if the cA boolean is
   asserted and the key usage extension, if present, asserts the
   keyCertSign bit (Section 4.2.1.3).  In this case, it gives the
   maximum number of non-self-issued intermediate certificates that may
   follow this certificate in a valid certification path.  (Note: The
   last certificate in the certification path is not an intermediate
   certificate, and is not included in this limit.  Usually, the last
   certificate is an end entity certificate, but it can be a CA
   certificate.)

This makes it clear that exclusion of self-issued certificates from
the path length count applies only to some *intermediate* CA
certificates.  A leaf certificate whether it has identical issuer
and subject or whether it is a CA or not is never part of the
intermediate certificate count.  The handling of all leaf certificates
must be the same, in the case of our code to post-increment the
path count by 1, so that we ultimately reach a non-self-issued
intermediate it will be the first one (not zeroth) in the chain
of intermediates.

Reviewed-by: Matt Caswell 
(cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f86871f..ba186d3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -515,15 +515,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 /* check_purpose() makes the callback as needed */
 if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
 return 0;
-/* Check pathlen if not self issued */
-if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-&& (x->ex_pathlen != -1)
-&& (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+/* Check pathlen */
+if ((i > 1) && (x->ex_pathlen != -1)
+&& (plen > (x->ex_pathlen + proxy_path_length))) {
 if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
 return 0;
 }
-/* Increment path length if not self issued */
-if (!(x

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-10-17 Thread Viktor Dukhovni
The branch OpenSSL_1_1_1-stable has been updated
   via  a190ea8ad7f2405d1a6245e59481fb6e3d0f60d2 (commit)
   via  bb6923945ee61b024c841f8131416c3c35cc9746 (commit)
  from  871039698042467b814b4fa37353db120be5b331 (commit)


- Log -
commit a190ea8ad7f2405d1a6245e59481fb6e3d0f60d2
Author: Viktor Dukhovni 
Date:   Mon Oct 8 12:05:14 2018 -0400

Apply self-imposed path length also to root CAs

Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf).  Therefore, never count the EE
cert, and adjust the path length comparison accordingly.  This may
be more clear to the reader.

Reviewed-by: Matt Caswell 
(cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)

commit bb6923945ee61b024c841f8131416c3c35cc9746
Author: Viktor Dukhovni 
Date:   Thu Oct 4 23:53:01 2018 -0400

Only CA certificates can be self-issued

At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:

   This specification covers two classes of certificates: CA
   certificates and end entity certificates.  CA certificates may be
   further divided into three classes: cross-certificates, self-issued
   certificates, and self-signed certificates.  Cross-certificates are
   CA certificates in which the issuer and subject are different
   entities.  Cross-certificates describe a trust relationship between
   the two CAs.  Self-issued certificates are CA certificates in which
   the issuer and subject are the same entity.  Self-issued certificates
   are generated to support changes in policy or operations.  Self-
   signed certificates are self-issued certificates where the digital
   signature may be verified by the public key bound into the
   certificate.  Self-signed certificates are used to convey a public
   key for use to begin certification paths.  End entity certificates
   are issued to subjects that are not authorized to issue certificates.

that the term "self-issued" is only applicable to CAs, not end-entity
certificates.  In https://tools.ietf.org/html/rfc5280#section-4.2.1.9
the description of path length constraints says:

   The pathLenConstraint field is meaningful only if the cA boolean is
   asserted and the key usage extension, if present, asserts the
   keyCertSign bit (Section 4.2.1.3).  In this case, it gives the
   maximum number of non-self-issued intermediate certificates that may
   follow this certificate in a valid certification path.  (Note: The
   last certificate in the certification path is not an intermediate
   certificate, and is not included in this limit.  Usually, the last
   certificate is an end entity certificate, but it can be a CA
   certificate.)

This makes it clear that exclusion of self-issued certificates from
the path length count applies only to some *intermediate* CA
certificates.  A leaf certificate whether it has identical issuer
and subject or whether it is a CA or not is never part of the
intermediate certificate count.  The handling of all leaf certificates
must be the same, in the case of our code to post-increment the
path count by 1, so that we ultimately reach a non-self-issued
intermediate it will be the first one (not zeroth) in the chain
of intermediates.

Reviewed-by: Matt Caswell 
(cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3a60d41..61e8192 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 /* check_purpose() makes the callback as needed */
 if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
 return 0;
-/* Check pathlen if not self issued */
-if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-&& (x->ex_pathlen != -1)
-&& (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+/* Check pathlen */
+if ((i > 1) && (x->ex_pathlen != -1)
+&& (plen > (x->ex_pathlen + proxy_path_length))) {
 if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
 return 0;
 }
-/* Increment path length if not self issued */
-if (!(x

[openssl-commits] [openssl] master update

2018-10-17 Thread Viktor Dukhovni
The branch master has been updated
   via  dc5831da59e9bfad61ba425d886a0b06ac160cd6 (commit)
   via  ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f (commit)
  from  d68af00685c4a76e9545882e350717ae5e4071df (commit)


- Log -
commit dc5831da59e9bfad61ba425d886a0b06ac160cd6
Author: Viktor Dukhovni 
Date:   Mon Oct 8 12:05:14 2018 -0400

Apply self-imposed path length also to root CAs

Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf).  Therefore, never count the EE
cert, and adjust the path length comparison accordingly.  This may
be more clear to the reader.

Reviewed-by: Matt Caswell 

commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f
Author: Viktor Dukhovni 
Date:   Thu Oct 4 23:53:01 2018 -0400

Only CA certificates can be self-issued

At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:

   This specification covers two classes of certificates: CA
   certificates and end entity certificates.  CA certificates may be
   further divided into three classes: cross-certificates, self-issued
   certificates, and self-signed certificates.  Cross-certificates are
   CA certificates in which the issuer and subject are different
   entities.  Cross-certificates describe a trust relationship between
   the two CAs.  Self-issued certificates are CA certificates in which
   the issuer and subject are the same entity.  Self-issued certificates
   are generated to support changes in policy or operations.  Self-
   signed certificates are self-issued certificates where the digital
   signature may be verified by the public key bound into the
   certificate.  Self-signed certificates are used to convey a public
   key for use to begin certification paths.  End entity certificates
   are issued to subjects that are not authorized to issue certificates.

that the term "self-issued" is only applicable to CAs, not end-entity
certificates.  In https://tools.ietf.org/html/rfc5280#section-4.2.1.9
the description of path length constraints says:

   The pathLenConstraint field is meaningful only if the cA boolean is
   asserted and the key usage extension, if present, asserts the
   keyCertSign bit (Section 4.2.1.3).  In this case, it gives the
   maximum number of non-self-issued intermediate certificates that may
   follow this certificate in a valid certification path.  (Note: The
   last certificate in the certification path is not an intermediate
   certificate, and is not included in this limit.  Usually, the last
   certificate is an end entity certificate, but it can be a CA
   certificate.)

This makes it clear that exclusion of self-issued certificates from
the path length count applies only to some *intermediate* CA
certificates.  A leaf certificate whether it has identical issuer
and subject or whether it is a CA or not is never part of the
intermediate certificate count.  The handling of all leaf certificates
must be the same, in the case of our code to post-increment the
path count by 1, so that we ultimately reach a non-self-issued
intermediate it will be the first one (not zeroth) in the chain
of intermediates.

Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3a60d41..61e8192 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 /* check_purpose() makes the callback as needed */
 if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
 return 0;
-/* Check pathlen if not self issued */
-if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-&& (x->ex_pathlen != -1)
-&& (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+/* Check pathlen */
+if ((i > 1) && (x->ex_pathlen != -1)
+&& (plen > (x->ex_pathlen + proxy_path_length))) {
 if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
 return 0;
 }
-/* Increment path length if not self issued */
-if (!(x->ex_flags & EXFLAG_SI))
+/* Increment path length if not a self issued intermediate CA */
+if (i > 0 && (x->ex_flags &am
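Review bot: the replacement comment `/* Check pathlen */` drops the information the removed `+ 1` used to encode. Because the leaf is no longer counted, `plen` at the check is the number of non-self-issued intermediates strictly below `x`, and with `i > 0` guarding the increment it is always 0 when `i == 1`, so the retained `(i > 1)` guard is now only a short-circuit. Suggest saying so in the comment (for example `/* Check pathlen: plen counts non-self-issued intermediates below x, leaf excluded */`) so a later reader does not re-introduce a leaf offset. Note also that removing `!(x->ex_flags & EXFLAG_SI)` from the condition means a self-issued CA's own pathLenConstraint is now enforced too, which is consistent with the commit message's reading of RFC 5280 section 4.2.1.9 and is worth a sentence in the message.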

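The counting rule that the commit message above derives from RFC 5280, as an added stand-alone model in C. It is not OpenSSL's check_chain_extensions(); the cert_t struct, the local EXFLAG_* values and the four chains are constructed for this example.

```c
#include <stdio.h>

/* Names mirror OpenSSL's flags, but the values are local to this example. */
#define EXFLAG_CA 0x1u   /* basicConstraints cA=TRUE */
#define EXFLAG_SI 0x2u   /* self-issued: issuer and subject are the same CA */

/* Minimal stand-in for the X509 fields the check needs (not OpenSSL's X509). */
typedef struct {
    const char *name;
    unsigned flags;   /* EXFLAG_* bits */
    int pathlen;      /* pathLenConstraint, or -1 when absent */
} cert_t;

/*
 * chain[0] is the leaf, chain[num-1] the trust anchor, as in an OpenSSL
 * ctx->chain.  plen counts the non-self-issued intermediates *below* the
 * certificate being examined; the leaf is never counted (i > 0 on the
 * increment), which is the rule the commit message derives from RFC 5280.
 * Returns -1 when every pathLenConstraint is honoured, otherwise the index
 * of the certificate at which the chain is rejected.
 */
int check_path_len(const cert_t *chain, int num)
{
    int plen = 0;

    for (int i = 0; i < num; i++) {
        const cert_t *x = &chain[i];

        /* Every certificate above the leaf must be a CA certificate. */
        if (i > 0 && !(x->flags & EXFLAG_CA))
            return i;
        /* Check pathlen: at index 1 nothing lies between x and the leaf,
         * so plen is always 0 there and i > 1 is merely a short-circuit. */
        if (i > 1 && x->pathlen != -1 && plen > x->pathlen)
            return i;
        /* Increment path length if not a self-issued intermediate CA. */
        if (i > 0 && !(x->flags & EXFLAG_SI))
            plen++;
    }
    return -1;
}

/* Constructed chains (leaf first); the names are placeholders, not real CAs. */

/* Root allows one intermediate; exactly one is present. */
const cert_t chain_ok[] = {
    { "leaf", 0,         -1 },
    { "ca-a", EXFLAG_CA,  0 },
    { "root", EXFLAG_CA,  1 },
};

/* Root allows one intermediate; two distinct ones are present. */
const cert_t chain_too_long[] = {
    { "leaf", 0,         -1 },
    { "ca-b", EXFLAG_CA, -1 },
    { "ca-a", EXFLAG_CA, -1 },
    { "root", EXFLAG_CA,  1 },
};

/* Same depth, but the extra certificate is a self-issued re-key of ca-a,
 * which RFC 5280 excludes from the count, so the chain is valid. */
const cert_t chain_rekey[] = {
    { "leaf",     0,                     -1 },
    { "ca-a-new", EXFLAG_CA | EXFLAG_SI, -1 },
    { "ca-a",     EXFLAG_CA,             -1 },
    { "root",     EXFLAG_CA,              1 },
};

/* A leaf that is itself a CA certificate is still the leaf: it is never
 * counted, so ca-a's pathlen 0 is not exceeded. */
const cert_t chain_ca_leaf[] = {
    { "leaf-ca", EXFLAG_CA,  0 },
    { "ca-a",    EXFLAG_CA,  0 },
    { "root",    EXFLAG_CA,  1 },
};

#define NUM(a) ((int)(sizeof(a) / sizeof((a)[0])))

int main(void)
{
    printf("chain_ok:       %d\n", check_path_len(chain_ok, NUM(chain_ok)));
    printf("chain_too_long: %d\n", check_path_len(chain_too_long, NUM(chain_too_long)));
    printf("chain_rekey:    %d\n", check_path_len(chain_rekey, NUM(chain_rekey)));
    printf("chain_ca_leaf:  %d\n", check_path_len(chain_ca_leaf, NUM(chain_ca_leaf)));
    return 0;
}
```
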
[openssl-commits] [openssl] master update

2018-06-12 Thread Viktor Dukhovni
The branch master has been updated
   via  0df65d82dbc41e8da00adb243de5918db532c8a6 (commit)
  from  8fe4c0b001f85c5a918c6a6d4687813ea3d2945f (commit)


- Log -
commit 0df65d82dbc41e8da00adb243de5918db532c8a6
Author: Viktor Dukhovni 
Date:   Tue Jun 12 11:51:53 2018 -0400

Document return value of X509_add_ext

and also X509_delete_ext()

Reviewed-by: Matt Caswell 

---

Summary of changes:
 doc/man3/X509v3_get_ext_by_NID.pod | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/man3/X509v3_get_ext_by_NID.pod 
b/doc/man3/X509v3_get_ext_by_NID.pod
index 81c938e..54dff3c 100644
--- a/doc/man3/X509v3_get_ext_by_NID.pod
+++ b/doc/man3/X509v3_get_ext_by_NID.pod
@@ -115,8 +115,8 @@ initial extension will not be checked.
 
 X509v3_get_ext_count() returns the extension count.
 
-X509v3_get_ext() and X509v3_delete_ext() return an B pointer
-or B if an error occurs.
+X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an
+B pointer or B if an error occurs.
 
 X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and
 X509v3_get_ext_by_critical() return the an extension index or B<-1> if an
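Review bot: the context lines directly below the change still read `X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and` (missing comma after the first function) and `return the an extension index` (stray `the`); since this paragraph is being touched anyway, fix both in the same commit rather than leaving them for a separate documentation pass.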
@@ -124,6 +124,8 @@ error occurs.
 
 X509v3_add_ext() returns a stack of extensions or B on error.
 
+X509_add_ext() returns 1 on success and 0 on error.
+
 =head1 SEE ALSO
 
 L
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2018-04-18 Thread Viktor Dukhovni
The branch master has been updated
   via  a4107d73d597a6f8754f7cf5c8c53d2097bea652 (commit)
  from  cb1b2cafe11f2008b0acc91726a6a6760f16fe28 (commit)


- Log -
commit a4107d73d597a6f8754f7cf5c8c53d2097bea652
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Apr 18 19:52:26 2018 -0400

Add missing index_index() when reloading OCSP responder

Also, future-proof index_index() return codes by requiring success
to return a positive value.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/apps.c | 3 +++
 apps/ca.c   | 4 ++--
 apps/ocsp.c | 5 +++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 5a32dc0..6ae8523 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1597,6 +1597,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
 return retdb;
 }
 
+/*
+ * Returns > 0 on success, <= 0 on error
+ */
 int index_index(CA_DB *db)
 {
 if (!TXT_DB_create_index(db->db, DB_serial, NULL,
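Review bot: the new comment promises `> 0 on success, <= 0 on error`, but the hunk shows only the first failure branch of index_index(); the success `return` is outside the diff, so confirm it yields a positive value (not merely non-zero) before the callers are switched to `<= 0` tests. Consider stating the concrete values (`1` on success, `0` on error) in the comment instead of a range, since `<= 0` invites a future negative code that no caller distinguishes.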
diff --git a/apps/ca.c b/apps/ca.c
index d530cf5..1c053b5 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -498,7 +498,7 @@ end_of_options:
 if (db == NULL)
 goto end;
 
-if (!index_index(db))
+if (index_index(db) <= 0)
 goto end;
 
 if (get_certificate_status(ser_status, db) != 1)
@@ -672,7 +672,7 @@ end_of_options:
 BIO_printf(bio_err, "generating index\n");
 }
 
-if (!index_index(db))
+if (index_index(db) <= 0)
 goto end;
 
 /*/
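Review bot: both call sites in this file move to the `index_index(db) <= 0` form, which matches the contract documented in apps.c; the remaining risk is any other caller still written as `!index_index(...)`, which would silently treat a future negative error code as success, so a grep for `index_index(` across apps/ should accompany this change. Both hunks keep the existing `goto end` on failure, so no new error-path leak is introduced here.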
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 3c5534a..83461c7 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -559,7 +559,7 @@ int ocsp_main(int argc, char **argv)
 
 if (ridx_filename != NULL) {
 rdb = load_index(ridx_filename, NULL);
-if (rdb == NULL || !index_index(rdb)) {
+if (rdb == NULL || index_index(rdb) <= 0) {
 ret = 1;
 goto end;
 }
@@ -582,10 +582,11 @@ redo_accept:
 if (index_changed(rdb)) {
 CA_DB *newrdb = load_index(ridx_filename, NULL);
 
-if (newrdb != NULL) {
+if (newrdb != NULL && index_index(newrdb) > 0) {
 free_index(rdb);
 rdb = newrdb;
 } else {
+free_index(newrdb);
 log_message(LOG_ERR, "error reloading updated index: %s",
 ridx_filename);
 }
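Review bot: `free_index(newrdb)` in the `else` branch is reached both when load_index() returned NULL and when index_index() failed; that is only safe because free_index() tolerates NULL (the apps.c hunk in the 2018-03-07 push shows its `if (db)` guard), which deserves a one-line comment here. Also, when the reload fails the old `rdb` and its stat data are kept, so index_changed(rdb) fires again on the next accepted connection and this error is logged once per request until the file is repaired; for a long-running responder that is a log flood, so consider rate-limiting the message or recording the failed attempt so it is not retried on every connection.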


[openssl-commits] [openssl] master update

2018-03-08 Thread Viktor Dukhovni
The branch master has been updated
   via  a7fb4fa1708c65c0932133dca64a53d0237312e3 (commit)
  from  9300f078b6b6a83acd9aabcca89577f1a7800a6f (commit)


- Log -
commit a7fb4fa1708c65c0932133dca64a53d0237312e3
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Mar 8 10:51:46 2018 -0500

Make OCSP "multi" compatible with "no-sock" builds.

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 apps/ocsp.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 6de0117..82c11e8 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -230,9 +230,7 @@ int ocsp_main(int argc, char **argv)
 int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
 int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
 int req_text = 0, resp_text = 0, ret = 1;
-# ifndef OPENSSL_NO_SOCK
 int req_timeout = -1;
-# endif
 long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
 unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
 OPTION_CHOICE o;
@@ -483,11 +481,11 @@ int ocsp_main(int argc, char **argv)
 goto opthelp;
 trailing_md = 1;
 break;
-# ifdef OCSP_DAEMON
 case OPT_MULTI:
+# ifdef OCSP_DAEMON
 multi = atoi(opt_arg());
-break;
 # endif
+break;
 }
 }
 if (trailing_md) {
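Review bot: moving `break;` outside `# ifdef OCSP_DAEMON` makes the `case OPT_MULTI:` label compile on builds without the daemon, but on those builds the option is now accepted and silently ignored (`multi` is never set). An operator who passes `-multi N` expecting a multi-process responder gets a single-process one with no indication; if the option stays in the options table for such builds, suggest an `#else` branch that warns that -multi is unsupported in this build, or rejects the option outright.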


[openssl-commits] [openssl] master update

2018-03-07 Thread Viktor Dukhovni
The branch master has been updated
   via  3e3c7c3646878fbbef07865aca007e112cf0fc26 (commit)
   via  c7d5ea2670c2f2ce855b099a14ca2c218661ad3f (commit)
  from  61ab6919183fe804f3ed5cf26fcc121a4ecbb6af (commit)


- Log -
commit 3e3c7c3646878fbbef07865aca007e112cf0fc26
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Mar 5 15:18:04 2018 -0500

Implement multi-process OCSP responder.

With "-multi" the OCSP responder forks multiple child processes,
and respawns them as needed.  This can be used as a long-running
service, not just a demo program.  Therefore the index file is
automatically re-read when changed.  The responder also now optionally
times out client requests.

Reviewed-by: Matt Caswell <m...@openssl.org>

commit c7d5ea2670c2f2ce855b099a14ca2c218661ad3f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Mar 5 14:40:02 2018 -0500

Prepare to detect index changes in OCSP responder.

Retain open file handle and previous stat data for the CA index
file, enabling detection and index reload (upcoming commit).

Check requirements before entering accept loop.

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 CHANGES   |  14 ++
 apps/apps.c   |  21 +++
 apps/apps.h   |  10 ++
 apps/ocsp.c   | 379 ++
 crypto/err/err.c  |   1 +
 doc/man1/ocsp.pod |  18 ++-
 include/openssl/err.h |   1 +
 7 files changed, 388 insertions(+), 56 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5e5abb9..dcbe291 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,20 @@
 
  Changes between 1.1.0g and 1.1.1 [xx XXX ]
 
+  *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running
+ in responder mode now supports the new "-multi" option, which
+ spawns the specified number of child processes to handle OCSP
+ requests.  The "-timeout" option now also limits the OCSP
+ responder's patience to wait to receive the full client request
+ on a newly accepted connection. Child processes are respawned
+ as needed, and the CA index file is automatically reloaded
+ when changed.  This makes it possible to run the "ocsp" responder
+ as a long-running service, making the OpenSSL CA somewhat more
+ feature-complete.  In this mode, most diagnostic messages logged
+ after entering the event loop are logged via syslog(3) rather than
+ written to stderr.
+ [Viktor Dukhovni]
+
   *) Added support for X448 and Ed448. Heavily based on original work by
  Mike Hamburg.
  [Matt Caswell]
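Review bot: the entry says `-timeout` now also bounds how long the responder waits for a complete client request; that changes the meaning of an existing option for users who already pass it for outgoing requests, so doc/man1/ocsp.pod (listed in the summary) should spell out both meanings. It would also help operators to name the syslog identifier or facility used once the event loop is entered, since that is where diagnostics go instead of stderr from then on.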
diff --git a/apps/apps.c b/apps/apps.c
index ef57355..5a32dc0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1538,12 +1538,27 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
 BIO *in;
 CONF *dbattr_conf = NULL;
 char buf[BSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
+FILE *dbfp;
+struct stat dbst;
+#endif
 
 in = BIO_new_file(dbfile, "r");
 if (in == NULL) {
 ERR_print_errors(bio_err);
 goto err;
 }
+
+#ifndef OPENSSL_NO_POSIX_IO
+BIO_get_fp(in, );
+if (fstat(fileno(dbfp), ) == -1) {
+SYSerr(SYS_F_FSTAT, errno);
+ERR_add_error_data(3, "fstat('", dbfile, "')");
+ERR_print_errors(bio_err);
+goto err;
+}
+#endif
+
 if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
 goto err;
 
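Review bot: the fstat() is taken on the FILE handle that BIO_new_file() opened, so it cannot race with a rename of `dbfile`; the snapshot is, however, taken before TXT_DB_read() consumes the file, so a writer that appends between fstat() and the read leaves `retdb->dbst` describing an older size/mtime than the data actually loaded. That is benign here (the next index_changed() check simply reloads once more) but worth a comment. The SYSerr/ERR_add_error_data pair gives a usable diagnostic; keep it.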
@@ -1570,6 +1585,11 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
 }
 }
 
+retdb->dbfname = OPENSSL_strdup(dbfile);
+#ifndef OPENSSL_NO_POSIX_IO
+retdb->dbst = dbst;
+#endif
+
  err:
 NCONF_free(dbattr_conf);
 TXT_DB_free(tmpdb);
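Review bot: `retdb->dbfname = OPENSSL_strdup(dbfile);` is unchecked; on allocation failure dbfname is NULL and any later caller that stats or logs it (index_changed() and the reload message in ocsp.c) has to cope with a NULL name. Suggest testing the result and failing the load through the `err` path, releasing `retdb`, as the other failures in this function do.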
@@ -1715,6 +1735,7 @@ void free_index(CA_DB *db)
 {
 if (db) {
 TXT_DB_free(db->db);
+OPENSSL_free(db->dbfname);
 OPENSSL_free(db);
 }
 }
diff --git a/apps/apps.h b/apps/apps.h
index 3086f09..aa63527 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -14,6 +14,12 @@
 # include "internal/nelem.h"
 # include 
 
+# include 
+# ifndef OPENSSL_NO_POSIX_IO
+#  include 
+#  include 
+# endif
+
 # include 
 # include 
 # include 
@@ -509,6 +515,10 @@ typedef struct db_attr_st {
 typedef struct ca_db_st {
 DB_ATTR attributes;
 TXT_DB *db;
+char *dbfname;
+# ifndef OPENSSL_NO_POSIX_IO
+struct stat dbst;
+# endif
 } CA_DB;
 
 void* app_malloc(int sz, const char *what);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index bd16a5b..6de0117 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -26,6 +26,7 @@ NON_EMPTY_TRANSLATION_UNIT
 /* Needs to be included before the openssl headers */
 # include "apps.h"
 # include "progs.h"
+# include "internal/sockets.h"

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-02 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  00cd974f46f8d61896fdf3ca2b238f88e5b9216f (commit)
  from  c1190c32c42b1e3ce35ea2ea8f214f46f336c5ed (commit)


- Log -
commit 00cd974f46f8d61896fdf3ca2b238f88e5b9216f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Mar 2 10:30:04 2018 -0500

Fix wrong case in documentation of -CRLfile option

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/apps/verify.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index 321d5ac..2516718 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -15,7 +15,7 @@ B B
 [B<-ignore_critical>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
-[B<-crlfile file>]
+[B<-CRLfile file>]
 [B<-crl_download>]
 [B<-crl_check>]
 [B<-crl_check_all>]
@@ -69,7 +69,7 @@ current system time. B is the number of seconds 
since
 Verify the signature on the self-signed root CA. This is disabled by default
 because it doesn't add any security.
 
-=item B<-crlfile file>
+=item B<-CRLfile file>
 
 File containing one or more CRL's (in PEM format) to load.
 


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-02-13 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  144724c75584054329a9d6bb7711cec527fbf523 (commit)
  from  b91891043df21928b72d8093a22a396eca58aa5b (commit)


- Log -
commit 144724c75584054329a9d6bb7711cec527fbf523
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Feb 13 22:43:15 2018 -0500

Avoid fragile aliasing of SHA224/384 update/final

This is purported to save a few cycles, but makes the code less
obvious and more brittle, and in fact breaks on platforms where for
ABI continuity reasons there is a SHA2 implementation in libc, and
so EVP needs to call those to avoid conflicts.

A sufficiently good optimizer could simply generate the same entry
points for:

foo(...) { ... }
and
bar(...) { return foo(...); }

but, even without that, the difference is negligible, with the
"winner" varying from run to run (openssl speed -evp sha384):

Old:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha384          28864.28k   117362.62k   266469.21k   483258.03k   635144.87k   649123.16k

New:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha384          30055.18k   120725.98k   272057.26k   482847.40k   634585.09k   650308.27k

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/evp/m_sha1.c | 33 -
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 8f30077..ac0ead3 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -115,16 +115,21 @@ static int init224(EVP_MD_CTX *ctx)
 return SHA224_Init(EVP_MD_CTX_md_data(ctx));
 }
 
+static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
 static int init256(EVP_MD_CTX *ctx)
 {
 return SHA256_Init(EVP_MD_CTX_md_data(ctx));
 }
 
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
 static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
 return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
@@ -141,8 +146,8 @@ static const EVP_MD sha224_md = {
 SHA224_DIGEST_LENGTH,
 EVP_MD_FLAG_DIGALGID_ABSENT,
 init224,
-update256,
-final256,
+update224,
+final224,
 NULL,
 NULL,
 SHA256_CBLOCK,
@@ -178,6 +183,16 @@ static int init384(EVP_MD_CTX *ctx)
 return SHA384_Init(EVP_MD_CTX_md_data(ctx));
 }
 
+static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final384(EVP_MD_CTX *ctx, unsigned char *md)
+{
+return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
 static int init512(EVP_MD_CTX *ctx)
 {
 return SHA512_Init(EVP_MD_CTX_md_data(ctx));
@@ -200,8 +215,8 @@ static const EVP_MD sha384_md = {
 SHA384_DIGEST_LENGTH,
 EVP_MD_FLAG_DIGALGID_ABSENT,
 init384,
-update512,
-final512,
+update384,
+final384,
 NULL,
 NULL,
 SHA512_CBLOCK,


[openssl-commits] [openssl] master update

2018-02-13 Thread Viktor Dukhovni
The branch master has been updated
   via  babab8e7c9060cd4e8e423a783853503982a5d27 (commit)
  from  72960279562e9af53264155a46b4a0b6a40f9590 (commit)


- Log -
commit babab8e7c9060cd4e8e423a783853503982a5d27
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Feb 13 22:43:15 2018 -0500

Avoid fragile aliasing of SHA224/384 update/final

This is purported to save a few cycles, but makes the code less
obvious and more brittle, and in fact breaks on platforms where for
ABI continuity reasons there is a SHA2 implementation in libc, and
so EVP needs to call those to avoid conflicts.

A sufficiently good optimizer could simply generate the same entry
points for:

foo(...) { ... }
and
bar(...) { return foo(...); }

but, even without that, the difference is negligible, with the
"winner" varying from run to run (openssl speed -evp sha384):

Old:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha384          28864.28k   117362.62k   266469.21k   483258.03k   635144.87k   649123.16k

New:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha384          30055.18k   120725.98k   272057.26k   482847.40k   634585.09k   650308.27k

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/evp/m_sha1.c | 33 -
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index d73e412..ac52417 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -116,16 +116,21 @@ static int init224(EVP_MD_CTX *ctx)
 return SHA224_Init(EVP_MD_CTX_md_data(ctx));
 }
 
+static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
 static int init256(EVP_MD_CTX *ctx)
 {
 return SHA256_Init(EVP_MD_CTX_md_data(ctx));
 }
 
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
 static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
 return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
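Review bot: the removed comment explained why SHA224 was routed through the SHA256 entry points; the replacement wrappers carry no comment at all, so the next person chasing cycles may re-alias them. Put a one-line comment on update224()/final224() (and the 384 pair in the later hunk) recording the reason from the commit message: on platforms whose libc exports its own SHA2 symbols, EVP must call the matching SHA224_/SHA384_ functions to avoid ABI conflicts.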
@@ -142,8 +147,8 @@ static const EVP_MD sha224_md = {
 SHA224_DIGEST_LENGTH,
 EVP_MD_FLAG_DIGALGID_ABSENT,
 init224,
-update256,
-final256,
+update224,
+final224,
 NULL,
 NULL,
 SHA256_CBLOCK,
@@ -189,6 +194,16 @@ static int init384(EVP_MD_CTX *ctx)
 return SHA384_Init(EVP_MD_CTX_md_data(ctx));
 }
 
+static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final384(EVP_MD_CTX *ctx, unsigned char *md)
+{
+return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
 static int init512(EVP_MD_CTX *ctx)
 {
 return SHA512_Init(EVP_MD_CTX_md_data(ctx));
@@ -249,8 +264,8 @@ static const EVP_MD sha384_md = {
 SHA384_DIGEST_LENGTH,
 EVP_MD_FLAG_DIGALGID_ABSENT,
 init384,
-update512,
-final512,
+update384,
+final384,
 NULL,
 NULL,
 SHA512_CBLOCK,


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-02-09 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  04f53be990f9d1d7c5f7b8f10568df6ebafccf65 (commit)
  from  5a91d332d96400630e76a15121ead56aeeec (commit)


- Log -
commit 04f53be990f9d1d7c5f7b8f10568df6ebafccf65
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Feb 9 18:34:33 2018 -0500

Avoid leaking peername data via accept BIOs

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 4e0752535eb87b9aab4cf193f4422b5801ab7b32)

---

Summary of changes:
 crypto/bio/bss_acpt.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index f0fe7f0..4be4781 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -271,6 +271,11 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
 BIO_clear_retry_flags(b);
 b->retry_reason = 0;
 
+OPENSSL_free(c->cache_peer_name);
+c->cache_peer_name = NULL;
+OPENSSL_free(c->cache_peer_serv);
+c->cache_peer_serv = NULL;
+
 s = BIO_accept_ex(c->accept_sock, >cache_peer_addr,
   c->accepted_mode);
 
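Review bot: freeing and NULL-ing `cache_peer_name`/`cache_peer_serv` before each BIO_accept_ex() is the right shape, and the explicit NULL assignment prevents a double free if the accept retries before the fields are repopulated. Since the leak was one allocation pair per accepted connection, a long-running acceptor (such as the ocsp -multi responder) grows without bound under connection churn; that makes this a resource-exhaustion fix worth a CHANGES entry, and the BIO_ACCEPT free path should be checked so the final pair is released when the BIO is destroyed.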


[openssl-commits] [openssl] master update

2018-01-05 Thread Viktor Dukhovni
The branch master has been updated
   via  cc94da4ea38cc2a4a47e0a14ef9e361a2d723eff (commit)
  from  b44a65512a4a0a299f8f817b63df472e74a0007a (commit)


- Log -
commit cc94da4ea38cc2a4a47e0a14ef9e361a2d723eff
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Dec 13 10:55:38 2017 -0500

Add x509(1) reference

Reviewed-by: Ben Kaduk <ka...@mit.edu>

---

Summary of changes:
 doc/man3/X509_VERIFY_PARAM_set_flags.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod 
b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 947bd8a..48c2fdf 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -340,7 +340,8 @@ connections associated with an B structure B:
 L<X509_verify_cert(3)>,
 L<X509_check_host(3)>,
 L<X509_check_email(3)>,
-L<X509_check_ip(3)>
+L<X509_check_ip(3)>,
+L<x509(1)>
 
 =head1 HISTORY
 


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-01-05 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  35a37158181fb0129b632b450ded1114fe4fbb37 (commit)
  from  94b372b4c9e0f5e0fc7785ad8fee347479854009 (commit)


- Log -
commit 35a37158181fb0129b632b450ded1114fe4fbb37
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Dec 13 10:57:51 2017 -0500

Add x509(1) reference

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index b778d94..b6c3296 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -338,7 +338,8 @@ connections associated with an B structure B:
 L<X509_verify_cert(3)>,
 L<X509_check_host(3)>,
 L<X509_check_email(3)>,
-L<X509_check_ip(3)>
+L<X509_check_ip(3)>,
+L<x509(1)>
 
 =head1 HISTORY
 


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-12-23 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  6f4c54dcf3e45b2713c93cf1bfc22f40869ed00b (commit)
  from  71d53e8ba5b9eeca9151f516f061ecdcbedbab00 (commit)


- Log -
commit 6f4c54dcf3e45b2713c93cf1bfc22f40869ed00b
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Dec 13 10:56:44 2017 -0500

Add missing comma between references

Reviewed-by: Ben Kaduk <ka...@mit.edu>
Reviewed-by: Paul Dale <paul.d...@oracle.com>

---

Summary of changes:
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index b7edfb4..10399ec 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -256,7 +256,7 @@ connections associated with an B structure B:
 L<X509_verify_cert(3)|X509_verify_cert(3)>,
 L<X509_check_host(3)|X509_check_host(3)>,
 L<X509_check_email(3)|X509_check_email(3)>,
-L<X509_check_ip(3)|X509_check_ip(3)>
+L<X509_check_ip(3)|X509_check_ip(3)>,
 L<x509(1)|x509(1)>
 
 =head1 HISTORY


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-12-13 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  71d53e8ba5b9eeca9151f516f061ecdcbedbab00 (commit)
  from  b6adfa043fcd33960c277a75984701e87d06fa33 (commit)


- Log -
commit 71d53e8ba5b9eeca9151f516f061ecdcbedbab00
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Dec 11 19:05:35 2017 -0500

Document the X509_V_FLAG_PARTIAL_CHAIN flag

Also documented X509_V_FLAG_TRUSTED_FIRST

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 44792f9..b7edfb4 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -203,6 +203,27 @@ chain found is not trusted, then OpenSSL will continue to 
check to see if an
 alternative chain can be found that is trusted. With this flag set the 
behaviour
 will match that of OpenSSL versions prior to 1.0.2b.
 
+The B flag causes chain construction to look for
+issuers in the trust store before looking at the untrusted certificates
+provided as part of the the peer chain.
+Though it is not on by default in OpenSSL 1.0.2, applications should generally
+set this flag.
+Local issuer certificates are often more likely to satisfy local security
+requirements and lead to a locally trusted root.
+This is especially important When some certificates in the trust store have
+explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
+
+The B flag causes intermediate certificates in the
+trust store to be treated as trust-anchors, in the same way as the self-signed
+root CA certificates.
+This makes it possible to trust certificates issued by an intermediate CA
+without having to trust its ancestor root CA.
+With OpenSSL 1.0.2, chain construction continues as long as there are
+additional trusted issuers in the trust store, and the last trusted issuer
+becomes the trust-anchor.
+Thus, even when an intermediate certificate is found in the trust store, the
+verified chain passed to callbacks may still be anchored by a root CA.
+
 =head1 NOTES
 
 The above functions should be used to manipulate verification parameters
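Review bot: the added X509_V_FLAG_TRUSTED_FIRST paragraph has a doubled article in "provided as part of the the peer chain" and a capital letter mid-sentence in "especially important When some certificates"; suggest "part of the peer chain" and "especially important when some certificates". The X509_V_FLAG_PARTIAL_CHAIN paragraph is a useful caveat as written: since 1.0.2 keeps walking up to the last trusted issuer, verify callbacks must not assume the chain ends at the intermediate that was added to the store.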
@@ -236,6 +257,7 @@ L<X509_verify_cert(3)|X509_verify_cert(3)>,
 L<X509_check_host(3)|X509_check_host(3)>,
 L<X509_check_email(3)|X509_check_email(3)>,
 L<X509_check_ip(3)|X509_check_ip(3)>
+L<x509(1)|x509(1)>
 
 =head1 HISTORY
 
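Review bot: the SEE ALSO hunk appends "L<x509(1)|x509(1)>" directly after "L<X509_check_ip(3)|X509_check_ip(3)>", which has no trailing comma, so the rendered list runs the two references together; add the comma (the follow-up commit 6f4c54dcf3e45b2713c93cf1bfc22f40869ed00b, "Add missing comma between references", does exactly this).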


[openssl-commits] [openssl] master update

2017-12-13 Thread Viktor Dukhovni
The branch master has been updated
   via  f517911d3106bdbc5052b1b85560eb6499e3b741 (commit)
  from  eb48052ec96a7551391b5955f03f5ef70b3528f6 (commit)


- Log -
commit f517911d3106bdbc5052b1b85560eb6499e3b741
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Dec 11 18:33:59 2017 -0500

Document the X509_V_FLAG_PARTIAL_CHAIN flag

Also improved documentation of TRUSTED_FIRST

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/man3/X509_VERIFY_PARAM_set_flags.pod | 25 +
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod 
b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index a4e3061..947bd8a 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -248,10 +248,14 @@ check the signature anyway. A side effect of not checking 
the root CA
 signature is that disabled or unsupported message digests on the root CA
 are not treated as fatal errors.
 
-If B is set, when constructing the certificate 
chain,
-L<X509_verify_cert(3)> will search the trust store for issuer certificates 
before
-searching the provided untrusted certificates.
-As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
+When B is set, construction of the certificate chain
+in L<X509_verify_cert(3)> will search the trust store for issuer certificates
+before searching the provided untrusted certificates.
+Local issuer certificates are often more likely to satisfy local security
+requirements and lead to a locally trusted root.
+This is especially important when some certificates in the trust store have
+explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
+As of OpenSSL 1.1.0 this option is on by default.
 
 The B flag suppresses checking for alternative
 chains.
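Review bot: the rewritten paragraph drops the old "and cannot be disabled" from "As of OpenSSL 1.1.0 this option is on by default", while the next hunk still describes the flag as "always set"; keep the two statements consistent, either by restoring the clause here or by rewording the later one, so readers know whether clearing the flag via X509_VERIFY_PARAM_clear_flags() has any effect.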
@@ -263,6 +267,19 @@ found that is trusted.
 As of OpenSSL 1.1.0, with B always set, this option
 has no effect.
 
+The B flag causes intermediate certificates in the
+trust store to be treated as trust-anchors, in the same way as the self-signed
+root CA certificates.
+This makes it possible to trust certificates issued by an intermediate CA
+without having to trust its ancestor root CA.
+With OpenSSL 1.1.0 and later and  set, chain
+construction stops as soon as the first certificate from the trust store is
+added to the chain, whether that certificate is a self-signed "root"
+certificate or a not self-signed intermediate certificate.
+Thus, when an intermediate certificate is found in the trust store, the
+verified chain passed to callbacks may be shorter than it otherwise would
+be without the B flag.
+
 The B flag suppresses checking the validity period
 of certificates and CRLs against the current time. If 
X509_VERIFY_PARAM_set_time()
 is used to specify a verification time, the check is not suppressed.
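Review bot: "a not self-signed intermediate certificate" reads awkwardly; suggest "a non-self-signed intermediate certificate". Since the paragraph says the verified chain "may be shorter", it is also worth stating explicitly that the last element of such a chain is then the trusted intermediate rather than a self-signed root, so callbacks that inspect the chain's final certificate must not assume it is self-signed.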


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-13 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  f053c215024d2dc6f8d9ce2047dc18ccf4015e19 (commit)
  from  dea20b941f68c60fbe1885ecf8156a76eb30789a (commit)


- Log -
commit f053c215024d2dc6f8d9ce2047dc18ccf4015e19
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Dec 11 18:37:58 2017 -0500

Document the X509_V_FLAG_PARTIAL_CHAIN flag

Also improved documentation of TRUSTED_FIRST

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 25 +
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index d081d98..b778d94 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -248,10 +248,14 @@ check the signature anyway. A side effect of not checking 
the root CA
 signature is that disabled or unsupported message digests on the root CA
 are not treated as fatal errors.
 
-If B is set, when constructing the certificate 
chain,
-L<X509_verify_cert(3)> will search the trust store for issuer certificates 
before
-searching the provided untrusted certificates.
-As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
+When B is set, construction of the certificate chain
+in L<X509_verify_cert(3)> will search the trust store for issuer certificates
+before searching the provided untrusted certificates.
+Local issuer certificates are often more likely to satisfy local security
+requirements and lead to a locally trusted root.
+This is especially important when some certificates in the trust store have
+explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
+As of OpenSSL 1.1.0 this option is on by default.
 
 The B flag suppresses checking for alternative
 chains.
@@ -263,6 +267,19 @@ found that is trusted.
 As of OpenSSL 1.1.0, with B always set, this option
 has no effect.
 
+The B flag causes intermediate certificates in the
+trust store to be treated as trust-anchors, in the same way as the self-signed
+root CA certificates.
+This makes it possible to trust certificates issued by an intermediate CA
+without having to trust its ancestor root CA.
+With OpenSSL 1.1.0 and later and  set, chain
+construction stops as soon as the first certificate from the trust store is
+added to the chain, whether that certificate is a self-signed "root"
+certificate or a not self-signed intermediate certificate.
+Thus, when an intermediate certificate is found in the trust store, the
+verified chain passed to callbacks may be shorter than it otherwise would
+be without the B flag.
+
 The B flag suppresses checking the validity period
 of certificates and CRLs against the current time. If 
X509_VERIFY_PARAM_set_time()
 is used to specify a verification time, the check is not suppressed.
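Review bot: identical text to the master commit f517911d3106bdbc5052b1b85560eb6499e3b741, so the same two comments apply to this backport: the first hunk drops "and cannot be disabled" while this hunk still says the TRUSTED_FIRST flag is "always set", and "a not self-signed intermediate certificate" would read better as "a non-self-signed intermediate certificate".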


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-12-01 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  e6f38fb817d831ed093f7d7140325783b5556d8f (commit)
  from  a61c15eb9b8d0ef513d695c854516958e2ccf1eb (commit)


- Log -
commit e6f38fb817d831ed093f7d7140325783b5556d8f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Nov 20 21:30:04 2017 -0500

Make possible variant SONAMEs and symbol versions

This small change in the Unix template and shared library build
scripts enables building "variant" shared libraries.  A "variant"
shared library has a non-default SONAME, and non default symbol
versions.  This makes it possible to build (say) an OpenSSL 1.1.0
library that can coexist without conflict in the same process address
space as the system's default OpenSSL library which may be OpenSSL
1.0.2.

Such "variant" shared libraries make it possible to link applications
against a custom OpenSSL library installed in /opt/openssl/1.1 or
similar location, and not risk conflict with an indirectly loaded
OpenSSL runtime that is required by some other dependency.

Variant shared libraries have been fully tested under Linux, and
build successfully on MacOS/X producing variant DYLD names.  MacOS/X
Darwin has no symbol versioning, but has a non-flat library namespace.
Variant libraries may therefore support multiple OpenSSL libraries
in the same address space also with MacOS/X, despite lack of symbol
versions, but this has not been verified.

Variant shared libraries are optional and off by default.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 Configurations/README | 21 ++
 Configurations/unix-Makefile.tmpl |  3 +-
 util/mkdef.pl | 58 +--
 3 files changed, 78 insertions(+), 4 deletions(-)

diff --git a/Configurations/README b/Configurations/README
index 47971c2..eecf1ea 100644
--- a/Configurations/README
+++ b/Configurations/README
@@ -86,6 +86,27 @@ In each table entry, the following keys are significant:
files.  On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
+shlib_variant   => A "variant" identifier inserted between the base
+   shared library name and the extension.  On "unixy"
+   platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+   supports installation of custom OpenSSL libraries
+   that don't conflict with other builds of OpenSSL
+   installed on the system.  The variant identifier
+   becomes part of the SONAME of the library and also
+   any symbol versions (symbol versions are not used or
+   needed with MacOS/X).  For example, on a system
+   where a default build would normally create the SSL
+   shared library as 'libssl.so -> libssl.so.1.1' with
+   the value of the symlink as the SONAME, a target
+   definition that sets 'shlib_variant => "-abc"' will
+   create 'libssl.so -> libssl-abc.so.1.1', again with
+   an SONAME equal to the value of the symlink.  The
+   symbol versions associated with the variant library
+   would then be 'OPENSSL_ABC_' rather than
+   the default 'OPENSSL_'. The string inserted
+   into symbol versions is obtained by mapping all
+   letters in the "variant" identifier to upper case
+   and all non-alphanumeric characters to '_'.
 
 thread_scheme   => The type of threads is used on the
configured platform.  Currently known
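Review bot: the example "libssl.so -> libssl-abc.so.1.1" shows that only the SONAME target carries the variant while the unsuffixed libssl.so link-time symlink keeps its default name; the README should say so explicitly, because a variant build installed into a directory shared with a default build would still replace that symlink, and the stated goal of this key is to avoid conflicts with other installed OpenSSL builds. Mentioning the intended install prefix (the commit message suggests /opt/openssl/1.1) alongside this key would make the expected deployment clear.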
diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index f044e95..39c4402 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -8,6 +8,7 @@
  our $exeext = $target{exe_extension} || "";
  our $libext = $target{lib_extension} || ".a";
  our $shlibext = $target{shared_extension} || ".so";
+ our $shlibvariant = $target{shlib_variant} || "";
  our $shlibextsimple = $target{shared_extension_simple} || ".so";
  our $shlibextimport = $target{shared_import_extension} || "";
  our $dsoext = $target{dso_extension} || ".so";
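Review bot: $shlibvariant is taken from $target{shlib_variant} with only a default of "" applied, and nothing in this hunk constrains the value; since the README says the string is spliced into file names, the SONAME and the symbol-version names, suggest rejecting (or at least documenting as unsupported) identifiers containing whitespace, "/" or other characters that are not valid in a file name or a symbol-version node.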
@@ -40,7 

[openssl-commits] [openssl] master update

2017-12-01 Thread Viktor Dukhovni
The branch master has been updated
   via  822b5e2645a99bea15329bd66c9723c7e7119cdb (commit)
  from  a4cefc86c820d3894ca960857ba4e7cf8e2014b0 (commit)


- Log -
commit 822b5e2645a99bea15329bd66c9723c7e7119cdb
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Nov 20 21:30:04 2017 -0500

Make possible variant SONAMEs and symbol versions

This small change in the Unix template and shared library build
scripts enables building "variant" shared libraries.  A "variant"
shared library has a non-default SONAME, and non default symbol
versions.  This makes it possible to build (say) an OpenSSL 1.1.0
library that can coexist without conflict in the same process address
space as the system's default OpenSSL library which may be OpenSSL
1.0.2.

Such "variant" shared libraries make it possible to link applications
against a custom OpenSSL library installed in /opt/openssl/1.1 or
similar location, and not risk conflict with an indirectly loaded
OpenSSL runtime that is required by some other dependency.

Variant shared libraries have been fully tested under Linux, and
build successfully on MacOS/X producing variant DYLD names.  MacOS/X
Darwin has no symbol versioning, but has a non-flat library namespace.
Variant libraries may therefore support multiple OpenSSL libraries
in the same address space also with MacOS/X, despite lack of symbol
versions, but this has not been verified.

Variant shared libraries are optional and off by default.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 Configurations/README | 21 ++
 Configurations/unix-Makefile.tmpl |  3 +-
 util/mkdef.pl | 58 +--
 3 files changed, 78 insertions(+), 4 deletions(-)

diff --git a/Configurations/README b/Configurations/README
index 5274559..a80c126 100644
--- a/Configurations/README
+++ b/Configurations/README
@@ -101,6 +101,27 @@ In each table entry, the following keys are significant:
files.  On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
+shlib_variant   => A "variant" identifier inserted between the base
+   shared library name and the extension.  On "unixy"
+   platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+   supports installation of custom OpenSSL libraries
+   that don't conflict with other builds of OpenSSL
+   installed on the system.  The variant identifier
+   becomes part of the SONAME of the library and also
+   any symbol versions (symbol versions are not used or
+   needed with MacOS/X).  For example, on a system
+   where a default build would normally create the SSL
+   shared library as 'libssl.so -> libssl.so.1.1' with
+   the value of the symlink as the SONAME, a target
+   definition that sets 'shlib_variant => "-abc"' will
+   create 'libssl.so -> libssl-abc.so.1.1', again with
+   an SONAME equal to the value of the symlink.  The
+   symbol versions associated with the variant library
+   would then be 'OPENSSL_ABC_' rather than
+   the default 'OPENSSL_'. The string inserted
+   into symbol versions is obtained by mapping all
+   letters in the "variant" identifier to upper case
+   and all non-alphanumeric characters to '_'.
 
 thread_scheme   => The type of threads is used on the
configured platform.  Currently known
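Review bot: this README hunk is identical to the OpenSSL_1_1_0-stable backport e6f38fb817d831ed093f7d7140325783b5556d8f, and the same comment applies: the example "libssl.so -> libssl-abc.so.1.1" shows the unsuffixed libssl.so symlink keeping its default name, so a variant build installed next to a default build still replaces that link-time symlink; say so explicitly and state the intended install prefix.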
diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index dfd80c2..d66160f 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -8,6 +8,7 @@
  our $exeext = $target{exe_extension} || "";
  our $libext = $target{lib_extension} || ".a";
  our $shlibext = $target{shared_extension} || ".so";
+ our $shlibvariant = $target{shlib_variant} || "";
  our $shlibextsimple = $target{shared_extension_simple} || ".so";
  our $shlibextimport = $target{shared_import_extension} || "";
  our $dsoext = $target{dso_extension} || ".so";
@@ -40,7 +41,7 @@
  sub shli

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2016-12-02 Thread Viktor Dukhovni
The branch OpenSSL_1_1_0-stable has been updated
   via  72ea4b8de29bd29dcc44b3d3a73660fe4d1bba40 (commit)
  from  9fa506681c842bf9b27ddf4ea8579c4695be3bfa (commit)


- Log -
commit 72ea4b8de29bd29dcc44b3d3a73660fe4d1bba40
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Nov 25 00:38:04 2016 -0500

Restore last-resort expired untrusted intermediate issuers

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 9fbef11..ebc4424 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -308,16 +308,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
 int i;
+X509 *issuer, *rv = NULL;
 
 for (i = 0; i < sk_X509_num(sk); i++) {
-X509 *issuer = sk_X509_value(sk, i);
-
-if (!ctx->check_issued(ctx, x, issuer))
-continue;
-if (x509_check_cert_time(ctx, issuer, -1))
-return issuer;
+issuer = sk_X509_value(sk, i);
+if (ctx->check_issued(ctx, x, issuer)) {
+rv = issuer;
+if (x509_check_cert_time(ctx, rv, -1))
+break;
+}
 }
-return NULL;
+return rv;
 }
 
 /* Given a possible certificate and issuer check them */
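Review bot: the new control flow keeps the last certificate that passes check_issued() in rv and only breaks early on a time-valid one, so when every candidate is expired the function now returns the last expired match rather than NULL; that fallback is the point of the change but is not visible from the code, so add a comment on the loop such as "/* Prefer a time-valid issuer; fall back to the last expired one */". Also note that the fallback picks the last match in stack order, not the first, which matters when the peer supplied several expired candidates.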


[openssl-commits] [openssl] master update

2016-07-12 Thread Viktor Dukhovni
The branch master has been updated
   via  3307000d9852acac98ebc1b82cacc9b14240d798 (commit)
  from  5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 (commit)


- Log -
commit 3307000d9852acac98ebc1b82cacc9b14240d798
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Jul 12 11:10:05 2016 -0400

Make update

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 util/libssl.num | 4 
 1 file changed, 4 insertions(+)

diff --git a/util/libssl.num b/util/libssl.num
index d023293..f19ee4c 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -396,3 +396,7 @@ SSL_SESSION_get0_hostname   396 1_1_0   
EXIST::FUNCTION:
 SSL_client_version  3971_1_0   EXIST::FUNCTION:
 SSL_SESSION_get_protocol_version3981_1_0   EXIST::FUNCTION:
 SSL_is_dtls 3991_1_0   EXIST::FUNCTION:
+SSL_CTX_dane_set_flags  4001_1_0   EXIST::FUNCTION:
+SSL_dane_set_flags  4011_1_0   EXIST::FUNCTION:
+SSL_CTX_dane_clear_flags4021_1_0   EXIST::FUNCTION:
+SSL_dane_clear_flags4031_1_0   EXIST::FUNCTION:


[openssl-commits] [openssl] master update

2016-07-12 Thread Viktor Dukhovni
The branch master has been updated
   via  5ae4ceb92c2ae6c677b1de2c477dce71a4d94716 (commit)
  from  d83b7e1a580b2f68a041d178e91e9495ec95e383 (commit)


- Log -
commit 5ae4ceb92c2ae6c677b1de2c477dce71a4d94716
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Jul 10 20:36:02 2016 -0400

Perform DANE-EE(3) name checks by default

In light of potential UKS (unknown key share) attacks on some
applications, primarily browsers, despite RFC761, name checks are
by default applied with DANE-EE(3) TLSA records.  Applications for
which UKS is not a problem can optionally disable DANE-EE(3) name
checks via the new SSL_CTX_dane_set_flags() and friends.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c  |   4 ++
 doc/ssl/SSL_CTX_dane_enable.pod |  47 -
 include/internal/dane.h |   2 +
 include/openssl/ssl.h   |   7 ++
 include/openssl/x509_vfy.h  |   1 +
 ssl/ssl_lib.c   |  37 ++
 test/danetest.c |   6 +-
 test/danetest.in| 147 ++--
 8 files changed, 200 insertions(+), 51 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 469a0a8..ee1c9af 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2765,6 +2765,10 @@ static int dane_verify(X509_STORE_CTX *ctx)
 /* Callback invoked as needed */
 if (!check_leaf_suiteb(ctx, cert))
 return 0;
+/* Callback invoked as needed */
+if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
+!check_id(ctx))
+return 0;
 /* Bypass internal_verify(), issue depth 0 success callback */
 ctx->error_depth = 0;
 ctx->current_cert = cert;
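Review bot: the comment "/* Callback invoked as needed */" above the new condition is copied verbatim from the check_leaf_suiteb() call and no longer tells the reader what the added check does; replace it with something like "/* DANE-EE(3) name check unless the application opted out via DANE_FLAG_NO_DANE_EE_NAMECHECKS */" so the security-relevant default (name checks on) is documented at the point of enforcement.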
diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
index 7923bf4..fb535ec 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
@@ -3,7 +3,9 @@
 =head1 NAME
 
 SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable,
-SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa -
+SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa
+SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags,
+SSL_dane_set_flags, SSL_dane_clear_flags -
 enable DANE TLS authentication of the remote TLS server in the local
 TLS client
 
@@ -21,6 +23,10 @@ TLS client
  int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
 uint8_t *mtype, unsigned const char **data,
 size_t *dlen);
+ unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+ unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+ unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+ unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
 
 =head1 DESCRIPTION
 
@@ -124,6 +130,33 @@ The B parameter is set to a short-term internal-copy 
of the associated
 data field and must not be freed by the application.
 Applications that need long-term access to this field need to copy the content.
 
+SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable
+optional DANE verification features.
+SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable
+the same features.
+The B argument is a bitmask of the features to enable or disable.
+The B set for an B context are copied to each B handle
+associated with that context at the time the handle is created.
+Subsequent changes in the context's B have no effect on the B set
+for the handle.
+
+At present, the only available option is B
+which can be used to disable server name checks when authenticating via
+DANE-EE(3) TLSA records.
+For some applications, primarily web browsers, it is not safe to disable name
+checks due to "unknown key share" attacks, in which a malicious server can
+convince a client that a connection to a victim server is instead a secure
+connection to the malicious server.
+The malicious server may then be able to violate cross-origin scripting
+restrictions.
+Thus, despite the text of RFC7671, name checks are by default enabled for
+DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
+to do so.
+In particular, SMTP and XMPP clients should set this option as SRV and MX
+records already make it possible for a remote domain to redirect client
+connections to any server of its choice, and in any case SMTP and XMPP clients
+do not execute scripts downloaded from remote servers.
+
 =head1 RETURN VALUES
 
 The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(),
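Review bot: the SYNOPSIS shows all four new functions returning unsigned long, but the DESCRIPTION never says what that value is (the flags in effect after the call, or the previous flags); document it here or in RETURN VALUES. The paragraph also switches between "option" and "flag" for the same thing, and "SMTP and XMPP clients should set this option" would be clearer with the literal DANE_FLAG_NO_DANE_EE_NAMECHECKS name, since "set" here means disabling the name checks.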
@@ -142,6 +175,10 @@ non-negative value indicates the chain depth at which the 
TLSA record matched a
 chai

[openssl-commits] [openssl] master update

2016-07-10 Thread Viktor Dukhovni
The branch master has been updated
   via  1d03b7b893223b1b049cb992e5c57c9a10f5846c (commit)
  from  7498162d753fc21aa4a30cb0855479dac0515f5c (commit)


- Log -
commit 1d03b7b893223b1b049cb992e5c57c9a10f5846c
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Jul 10 21:09:38 2016 -0400

Don't rely on implicit rsa.h inclusion

With no-deprecated, some nested includes don't happen by default.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 fuzz/server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fuzz/server.c b/fuzz/server.c
index 34c7734..0076306 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -15,6 +15,7 @@
 
 #include 
 #include 
+#include 
 #include "fuzzer.h"
 
 static const uint8_t kCertificateDER[] = {


[openssl-commits] [openssl] master update

2016-06-23 Thread Viktor Dukhovni
The branch master has been updated
   via  615dd78b72a822b31ad17623afcf1293bfee3570 (commit)
  from  d0ba3119def9e2683bc517c8189c33d76373e6c1 (commit)


- Log -
commit 615dd78b72a822b31ad17623afcf1293bfee3570
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Jun 23 23:28:34 2016 +1000

Drop extraneous printf argument in mkcert.sh

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 test/certs/mkcert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index ced08ea..8863254 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -61,7 +61,7 @@ req() {
 stderr_onerror \
 openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
 -config <(printf "[req]\n%s\n%s\n[dn]\n" \
- "prompt = no" "distinguished_name = dn" "${dn}"
+ "prompt = no" "distinguished_name = dn"
   for dn in "$@"; do echo "$dn"; done)
 }
 


[openssl-commits] [openssl] master update

2016-06-05 Thread Viktor Dukhovni
The branch master has been updated
   via  501d53c60091fdc8ed6ab1aa5ad96a71425d8dfd (commit)
  from  3470795171b8aecd4dbc86061600093b86b23c0e (commit)


- Log -
commit 501d53c60091fdc8ed6ab1aa5ad96a71425d8dfd
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Jun 5 11:13:34 2016 -0400

Silence misleading test_abort stderr output

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 test/recipes/01-test_abort.t | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/recipes/01-test_abort.t b/test/recipes/01-test_abort.t
index 2f121e2..a6a7f31 100644
--- a/test/recipes/01-test_abort.t
+++ b/test/recipes/01-test_abort.t
@@ -13,4 +13,5 @@ setup("test_abort");
 
 plan tests => 1;
 
+open STDERR, ">", "/dev/null";
 is(run(test(["aborttest"])), 0, "Testing that abort is caught correctly");
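Review bot: open STDERR, ">", "/dev/null"; redirects stderr for the remainder of the test process, so any genuine diagnostic emitted by the harness after this point is lost as well, and the literal path is not portable to platforms without /dev/null (File::Spec->devnull gives the right name). Suggest saving and restoring STDERR around the single is() call, or redirecting only the child's stderr, so that the intentionally noisy abort is silenced without hiding later failures.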


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-19 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  5553a12735e11bc9aa28727afe721e7236788aab (commit)
   via  96747f0f4e43863a1ec446a95463c2fca9b6ae82 (commit)
  from  2e648db2469ea94d54fa51e3af7ac54663b94966 (commit)


- Log -
commit 5553a12735e11bc9aa28727afe721e7236788aab
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue May 17 18:25:40 2016 -0400

Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure.  Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 96747f0f4e43863a1ec446a95463c2fca9b6ae82
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon May 16 21:38:03 2016 -0400

Clarify negative return from X509_verify_cert()

Reviewed-by: Tim Hudson <t...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_txt.c  |  5 +
 crypto/x509/x509_vfy.c  | 39 ++-
 crypto/x509/x509_vfy.h  |  7 +--
 crypto/x509v3/v3_addr.c |  6 ++
 doc/crypto/X509_verify_cert.pod | 13 +++--
 ssl/s3_both.c   |  6 ++
 6 files changed, 63 insertions(+), 13 deletions(-)

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 3d46d3f..4475715 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -204,6 +204,11 @@ const char *X509_verify_cert_error_string(long n)
 case X509_V_ERR_IP_ADDRESS_MISMATCH:
 return ("IP address mismatch");
 
+case X509_V_ERR_INVALID_CALL:
+return ("Invalid certificate verification context");
+case X509_V_ERR_STORE_LOOKUP:
+return ("Issuer certificate lookup error");
+
 default:
 BIO_snprintf(buf, sizeof buf, "error number %ld", n);
 return (buf);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4d34dba..f3fe255 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -199,6 +199,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
 if (ctx->cert == NULL) {
 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ctx->error = X509_V_ERR_INVALID_CALL;
 return -1;
 }
 if (ctx->chain != NULL) {
@@ -207,6 +208,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  * cannot do another one.
  */
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ctx->error = X509_V_ERR_INVALID_CALL;
 return -1;
 }
 
@@ -219,6 +221,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (((ctx->chain = sk_X509_new_null()) == NULL) ||
 (!sk_X509_push(ctx->chain, ctx->cert))) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ctx->error = X509_V_ERR_OUT_OF_MEM;
 ok = -1;
 goto err;
 }
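Review bot: the sequence "ctx->error = X509_V_ERR_OUT_OF_MEM; ok = -1; goto err;" after X509err(..., ERR_R_MALLOC_FAILURE) now appears at every allocation site in this function; a small local helper, or at least a comment at the err: label stating that ctx->error must be non-X509_V_OK on every negative return (the commit message says X509_V_ERR_UNSPECIFIED is applied there as a last resort), would keep future error sites from omitting the assignment.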
@@ -229,6 +232,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (ctx->untrusted != NULL
 && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ctx->error = X509_V_ERR_OUT_OF_MEM;
 ok = -1;
 goto err;
 }
@@ -253,8 +257,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  */
 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
 ok = ctx->get_issuer(, ctx, x);
-if (ok < 0)
+if (ok < 0) {
+ctx->error = X509_V_ERR_STORE_LOOKUP;
 goto err;
+}
 /*
  * If successful for now free up cert so it will be picked up
  * again later.
@@ -271,6 +277,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (xtmp != NULL) {
 if (!sk_X509_push(ctx->chain, xtmp)) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ctx->error = X509_V_ERR_OUT_OF_MEM;
 ok = -1;
 goto err;
 }
@@ -352,14 +359,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 break;
 ok = ctx->get_issuer(, ctx, x);
 
-if (ok < 0)
+if (ok < 0) {
+ctx->error = X509_V_ERR_STORE_LOOKUP;
 goto err;
+ 

[openssl-commits] [openssl] master update

2016-05-19 Thread Viktor Dukhovni
The branch master has been updated
   via  e64b5557814e2c9eb1aca111936cb8ac151dfceb (commit)
  from  f75b34c8c81d7277fa002120d4c8dc36c39d1ff5 (commit)


- Log -
commit e64b5557814e2c9eb1aca111936cb8ac151dfceb
Author: Ben Laurie 
Date:   Wed May 18 17:20:07 2016 +0100

ok was uninitialised on failure.

Reviewed-by: Rich Salz 
Reviewed-by: Andy Polyakov 

---

Summary of changes:
 crypto/objects/obj_dat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 820c275..3b836fe 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -680,7 +680,7 @@ int OBJ_create_objects(BIO *in)
 int OBJ_create(const char *oid, const char *sn, const char *ln)
 {
 ASN1_OBJECT *tmpoid = NULL;
-int ok;
+int ok = 0;
 
 /* Check to see if short or long name already present */
 if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) {
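Review bot: the change is only the initialiser `int ok = 0;`, so every path that reaches the cleanup label before `ok` is assigned now reports failure rather than reading an indeterminate value; a one-line comment on that declaration stating that 0 is the failure default would keep a later refactor from dropping the initialiser again.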
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2016-05-18 Thread Viktor Dukhovni
The branch master has been updated
   via  f75b34c8c81d7277fa002120d4c8dc36c39d1ff5 (commit)
  from  a5a3722bc185b2b183dcaafaf17b3d07a5fa (commit)


- Log -
commit f75b34c8c81d7277fa002120d4c8dc36c39d1ff5
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri May 13 00:36:56 2016 -0400

When strict SCT fails record verification failure

Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returns failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502

Reviewed-by: Tim Hudson <t...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_txt.c |  2 ++
 doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 31 +-
 include/openssl/x509_vfy.h |  3 ++-
 ssl/ssl_lib.c  | 17 ++
 4 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 5341e79..ae54de1 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -165,6 +165,8 @@ const char *X509_verify_cert_error_string(long n)
 return ("Invalid certificate verification context");
 case X509_V_ERR_STORE_LOOKUP:
 return ("Issuer certificate lookup error");
+case X509_V_ERR_NO_VALID_SCTS:
+return ("Certificate Transparency required, but no valid SCTs found");
 
 default:
 /* Printing an error number into a static buffer is not thread-safe */
diff --git a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod 
b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
index ec51c75..bcd68d3 100644
--- a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
+++ b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
@@ -33,21 +33,29 @@ The behaviour of the callback is determined by the 
B argument,
 which can be either of B or
 B as described below.
 
+If B is equal to B, then in a full
+TLS handshake with the verification mode set to B, if the peer
+presents no valid SCTs the handshake will be aborted.
+If the verification mode is B, the handshake will continue
+despite lack of valid SCTs.
+However, in that case if the verification status before the built-in callback
+was B it will be set to B after the
+callback.
+Applications can call L<SSL_get_verify_result(3)> to check the status at
+handshake completion, even after session resumption since the verification
+status is part of the saved session state.
+See L<SSL_set_verify(3)>, <SSL_get_verify_result(3)>, L<SSL_session_reused(3)>.
+
 If B is equal to B, then the
-handshake continues regardless of the validation status of any SCTs.
-The application can inspect the validation status of the SCTs at handshake
-completion.
+handshake continues, and the verification status is not modified, regardless of
+the validation status of any SCTs.
+The application can still inspect the validation status of the SCTs at
+handshake completion.
 Note that with session resumption there will not be any SCTs presented during
 the handshake.
 Therefore, in applications that delay SCT policy enforcement until after
-handshake completion, SCT checks should only be performed when the session is
-not reused.
-See L<SSL_session_reused(3)>.
-
-If B is equal to B, then in a full
-TLS handshake with the verification mode set to B, if the peer
-presents no valid SCTs the handshake will be aborted.
-See L<SSL_set_verify(3)>.
+handshake completion, such delayed SCT checks should only be performed when the
+session is not resumed.
 
 SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback()
 register a custom callback that may implement a different policy than either of
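Review bot: in the added "See ..." line, `<SSL_get_verify_result(3)>` is missing the `L` prefix that the two neighbouring references carry, so pod formatters will emit it as literal angle-bracketed text instead of a cross-reference; it should read `L<SSL_get_verify_result(3)>`.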
@@ -112,6 +120,7 @@ callback) is set.
 =head1 SEE ALSO
 
 L<ssl(3)>,
+<SSL_get_verify_result(3)>,
 L<SSL_session_reused(3)>,
 L<SSL_set_verify(3)>,
 L<SSL_CTX_set_verify(3)>,
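Review bot: the new SEE ALSO entry `+<SSL_get_verify_result(3)>,` also lacks the `L` link prefix used by every other entry in the list and will not render as a link; change it to `L<SSL_get_verify_result(3)>,`.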
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 44f1f16..3adfaa3 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -158,11 +158,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int 
depth);
 # define X509_V_ERR_EE_KEY_TOO_SMALL 66
 # define X509_V_ERR_CA_KEY_TOO_SMALL 67
 # define X509_V_ERR_CA_MD_TOO_WEAK   68
-
 /* Caller error */
 # define X509_V_ERR_INVALID_CALL 69
 /* Issuer looku
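Review bot: dropping the blank line between `X509_V_ERR_CA_MD_TOO_WEAK` and the `/* Caller error */` comment removes the visual separation between the chain-validation error codes and the new caller-error group; keep the blank line so the grouping the comment introduces stays readable.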

[openssl-commits] [openssl] master update

2016-05-18 Thread Viktor Dukhovni
The branch master has been updated
   via  a5a3722bc185b2b183dcaafaf17b3d07a5fa (commit)
   via  67787844f11fd7614bb26452fda1a1de3ed005ef (commit)
  from  276fa9bda99d12666441277afa39f81ae374437d (commit)


- Log -
commit a5a3722bc185b2b183dcaafaf17b3d07a5fa
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Apr 24 19:50:45 2016 -0400

make update

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

commit 67787844f11fd7614bb26452fda1a1de3ed005ef
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Apr 24 19:48:50 2016 -0400

Improve and document low-level PEM read routines

PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and
PEM_do_header().

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/pem/pem_err.c|   9 +--
 crypto/pem/pem_lib.c| 157 ++--
 doc/crypto/pem_read.pod |  90 +++
 include/openssl/pem.h   |   3 +
 4 files changed, 196 insertions(+), 63 deletions(-)
 create mode 100644 doc/crypto/pem_read.pod

diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
index 0d3c3e6..2282e06 100644
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
@@ -82,23 +82,24 @@ static ERR_STRING_DATA PEM_str_reasons[] = {
  "error converting private key"},
 {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
  "expecting private key blob"},
-{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
- "expecting public key blob"},
+{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"},
+{ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"},
 {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
 {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
  "keyblob header parse error"},
 {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+{ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"},
 {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
 {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
 {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
 {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
- "problems getting password"},
+{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), "problems getting password"},
 {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
 {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
 {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
 {ERR_REASON(PEM_R_READ_KEY), "read key"},
 {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
+{ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
 {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
 {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
 {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5686554..42b46dc 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -9,6 +9,7 @@
 
 #include 
 #include 
+#include 
 #include "internal/cryptlib.h"
 #include 
 #include 
@@ -389,115 +390,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char 
*name, BIO *bp,
 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
   pem_password_cb *callback, void *u)
 {
-int i = 0, j, o, klen;
-long len;
+int ok;
+int keylen;
+long len = *plen;
+int ilen = (int) len;   /* EVP_DecryptUpdate etc. take int lengths */
 EVP_CIPHER_CTX *ctx;
 unsigned char key[EVP_MAX_KEY_LENGTH];
 char buf[PEM_BUFSIZE];
 
-len = *plen;
+#if LONG_MAX > INT_MAX
+/* Check that we did not truncate the length */
+if (len > INT_MAX) {
+PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
+return 0;
+}
+#endif
 
 if (cipher->cipher == NULL)
-return (1);
+return 1;
 if (callback == NULL)
-klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
 else
-klen = callback(buf, PEM_BUFSIZE, 0, u);
-if (klen <= 0) {
+keylen = callback(buf, PEM_BUFSIZE, 0, u);
+if (keylen <= 0) {
 PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
-return (0);
+return 0;
 }
 #ifdef CHARSET_EBCDIC
 /* Convert the pass phrase from EBCDIC */
-ebcdic2ascii(buf, buf, klen);
+ebcdic2ascii(buf, buf, keylen);
 #endif
 
 if (!EVP_BytesToKey(cipher->cipher, EVP_m
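Review bot: the new `len > INT_MAX` guard has no companion check for a negative `*plen`, and `int ilen = (int) len;` is computed at the declaration, before the guard runs; since `ilen` feeds the `int` length parameters mentioned in its own comment, reject `len < 0` with a PEMerr and return 0 (outside the `#if LONG_MAX > INT_MAX` block, since it applies on every platform), and assign `ilen` only after both checks pass.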

[openssl-commits] [openssl] master update

2016-05-18 Thread Viktor Dukhovni
The branch master has been updated
   via  f3e235ed6faa82170d857fdec3287558eb906c58 (commit)
   via  5fba3912cc770bb035accb390653bda1a795f39e (commit)
  from  872759053b3990dac362c1fa561fc127e1de5924 (commit)


- Log -
commit f3e235ed6faa82170d857fdec3287558eb906c58
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue May 17 13:40:57 2016 -0400

Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 5fba3912cc770bb035accb390653bda1a795f39e
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon May 16 21:38:03 2016 -0400

Clarify negative return from X509_verify_cert()

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_txt.c  |  4 
 crypto/x509/x509_vfy.c  | 47 +
 crypto/x509v3/v3_addr.c |  6 ++
 doc/crypto/X509_verify_cert.pod | 13 ++--
 include/openssl/x509_vfy.h  |  5 +
 ssl/statem/statem_lib.c | 10 +
 6 files changed, 70 insertions(+), 15 deletions(-)

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 293efcf..5341e79 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -161,6 +161,10 @@ const char *X509_verify_cert_error_string(long n)
 return ("CA certificate key too weak");
 case X509_V_ERR_CA_MD_TOO_WEAK:
 return ("CA signature digest algorithm too weak");
+case X509_V_ERR_INVALID_CALL:
+return ("Invalid certificate verification context");
+case X509_V_ERR_STORE_LOOKUP:
+return ("Issuer certificate lookup error");
 
 default:
 /* Printing an error number into a static buffer is not thread-safe */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 866aa39..a5e7789 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -251,9 +251,11 @@ static int verify_chain(X509_STORE_CTX *ctx)
 int X509_verify_cert(X509_STORE_CTX *ctx)
 {
 SSL_DANE *dane = ctx->dane;
+int ret;
 
 if (ctx->cert == NULL) {
 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ctx->error = X509_V_ERR_INVALID_CALL;
 return -1;
 }
 
@@ -263,6 +265,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  * cannot do another one.
  */
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ctx->error = X509_V_ERR_INVALID_CALL;
 return -1;
 }
 
@@ -273,6 +276,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (((ctx->chain = sk_X509_new_null()) == NULL) ||
 (!sk_X509_push(ctx->chain, ctx->cert))) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ctx->error = X509_V_ERR_OUT_OF_MEM;
 return -1;
 }
 X509_up_ref(ctx->cert);
@@ -283,15 +287,19 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
 return 0;
 
+if (DANETLS_ENABLED(dane))
+ret = dane_verify(ctx);
+else
+ret = verify_chain(ctx);
+
 /*
- * If dane->trecs is an empty stack, we'll fail, since the user enabled
- * DANE.  If none of the TLSA records were usable, and it makes sense to
- * keep going with an unauthenticated handshake, they can handle that in
- * the verify callback, or not set SSL_VERIFY_PEER.
+ * Safety-net.  If we are returning an error, we must also set ctx->error,
+ * so that the chain is not considered verified should the error be ignored
+ * (e.g. TLS with SSL_VERIFY_NONE).
  */
-if (DANETLS_ENABLED(dane))
-return dane_verify(ctx);
-return verify_chain(ctx);
+if (ret <= 0 && ctx->error == X509_V_OK)
+ctx->error = X509_V_ERR_UNSPECIFIED;
+return ret;
 }
 
 /*
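Review bot: the early `return 0` at the `X509_V_ERR_EE_KEY_TOO_SMALL` check in the context just above the new code bypasses the safety net, because it returns before `ret` is assigned and the `ret <= 0 && ctx->error == X509_V_OK` check runs; either route that path through `ret` so it reaches the net, or add a comment confirming that verify_cb_cert() always leaves `ctx->error` set when it returns 0.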
@@ -562,8 +570,16 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
 if (nc) {
 int rv = NAME_CONSTRAINTS_check(x, nc);
 
-if (rv != X509_V_OK && !verify_cb_cert(ctx, x, i, rv))
+switch (rv) {
+case X509_V_OK:
+break;
+case X509_V_ERR_OUT_OF_MEM:
 return 0;
+default:
+if (!verify_cb_cert(ctx, x,
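Review bot: `case X509_V_ERR_OUT_OF_MEM: return 0;` returns failure without recording the reason, so the caller's safety net in X509_verify_cert() will report the generic X509_V_ERR_UNSPECIFIED rather than the precise out-of-memory code that NAME_CONSTRAINTS_check() just returned; add `ctx->error = rv;` before the `return 0`.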

[openssl-commits] [openssl] master update

2016-05-16 Thread Viktor Dukhovni
The branch master has been updated
   via  5c4328f04f63bc288d4e069e1453ab18b0309f16 (commit)
  from  b160f2823fb3bafdf8728ea251aab0d07888b934 (commit)


- Log -
commit 5c4328f04f63bc288d4e069e1453ab18b0309f16
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun May 15 13:02:17 2016 -0400

Fold threads.h into crypto.h making API public

Document thread-safe lock creation

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 crypto/async/async.c   |  1 -
 crypto/bio/b_addr.c|  2 +-
 crypto/bn/bn_blind.c   |  1 -
 crypto/engine/eng_int.h|  1 -
 crypto/err/err.c   |  1 -
 crypto/err/err_prn.c   |  1 -
 crypto/ex_data.c   |  1 -
 crypto/init.c  |  1 -
 crypto/mem_dbg.c   |  1 -
 crypto/mem_sec.c   |  1 -
 crypto/rand/md_rand.c  |  1 -
 crypto/threads_none.c  |  1 -
 crypto/threads_pthread.c   |  1 -
 crypto/threads_win.c   |  1 -
 crypto/x509/by_dir.c   |  1 -
 doc/crypto/threads.pod | 61 +-
 include/internal/threads.h | 92 --
 include/openssl/crypto.h   | 38 +++
 ssl/ssl_cert.c |  2 +-
 ssl/ssl_ciph.c |  2 +-
 ssl/ssl_init.c |  1 -
 test/ssltest_old.c |  1 -
 test/threadstest.c |  1 -
 util/mkdef.pl  |  1 -
 24 files changed, 101 insertions(+), 114 deletions(-)
 delete mode 100644 include/internal/threads.h

diff --git a/crypto/async/async.c b/crypto/async/async.c
index b4ba561..719379e 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -61,7 +61,6 @@
 /* This must be the first #include file */
 #include "async_locl.h"
 
-#include 
 #include 
 #include 
 #include 
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 1813f5a..356ab11 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -55,7 +55,7 @@
 #include 
 
 #include "bio_lcl.h"
-#include "internal/threads.h"
+#include 
 
 #ifndef OPENSSL_NO_SOCK
 #include 
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 81b895c..fcc4db5 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -110,7 +110,6 @@
 
 #include 
 #include "internal/cryptlib.h"
-#include "internal/threads.h"
 #include "bn_lcl.h"
 
 #define BN_BLINDING_COUNTER 32
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
index b175295..36bc933 100644
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -65,7 +65,6 @@
 # define HEADER_ENGINE_INT_H
 
 # include "internal/cryptlib.h"
-# include "internal/threads.h"
 # include 
 
 #ifdef  __cplusplus
diff --git a/crypto/err/err.c b/crypto/err/err.c
index fd2ea81..f1a80c0 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -112,7 +112,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 0f7d40c..1cbec54 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -57,7 +57,6 @@
 
 #include 
 #include "internal/cryptlib.h"
-#include "internal/threads.h"
 #include 
 #include 
 #include 
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index ca1c204..2570736 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -109,7 +109,6 @@
  */
 
 #include "internal/cryptlib_int.h"
-#include "internal/threads.h"
 #include 
 
 /*
diff --git a/crypto/init.c b/crypto/init.c
index 938bf78..90ab6df 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -55,7 +55,6 @@
  *
  */
 
-#include 
 #include 
 #include 
 #include 
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
index 2b8cf73..0df050d 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -112,7 +112,6 @@
 #include 
 #include 
 #include "internal/cryptlib.h"
-#include "internal/threads.h"
 #include 
 #include 
 #include "internal/bio.h"
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index d61d945..31fcee6 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -25,7 +25,6 @@
 # include 
 # include 
 # include 
-# include "internal/threads.h"
 #endif
 
 #define CLEAR(p, s) OPENSSL_cleanse(p, s)
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index e9574b0..74beda8 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -125,7 +125,6 @@
 #include 
 #include 
 #include "rand_lcl.h"
-#include "internal/threads.h"
 
 #include 
 
diff --git a/crypto/threads_none.c b/crypto/threads_none.c
index 4e3b7a5..bd92b82 100644
--- a/crypto/threads_none.c
+++ b/crypto/threads_none.c
@@ -48,7 +48,6 @@
  */
 
 #include 
-#include "internal/threads.h"
 
 #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
 

[openssl-commits] [openssl] master update

2016-05-11 Thread Viktor Dukhovni
The branch master has been updated
   via  7ad5fb6267e9da1634998bf2eccaa753f443fa83 (commit)
  from  f2b9c257216a27b568b3d5d703ca5bdd926c5c28 (commit)


- Log -
commit 7ad5fb6267e9da1634998bf2eccaa753f443fa83
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed May 11 18:01:41 2016 -0400

Fix TLSProxy race by adding missing eval

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 util/TLSProxy/Proxy.pm | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index aafd902..950fd90 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -226,12 +226,14 @@ sub clientstart
 do {
 my $servaddr = $self->server_addr;
 $servaddr =~ s/[\[\]]//g; # Remove [ and ]
-$server_sock = $IP_factory->(
-PeerAddr => $servaddr,
-PeerPort => $self->server_port,
-MultiHomed => 1,
-Proto => 'tcp'
-);
+eval {
+$server_sock = $IP_factory->(
+PeerAddr => $servaddr,
+PeerPort => $self->server_port,
+MultiHomed => 1,
+Proto => 'tcp'
+);
+};
 
 $retry--;
 if ($@ || !defined($server_sock)) {
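Review bot: the `$@` test at the bottom of the hunk now has a matching `eval`, but `$retry--` sits between the two; a plain decrement does not clobber `$@`, so this works, yet copying the error right after the eval (`my $err = $@;`) or moving the decrement below the test would make the dependency explicit and guard against later code being inserted in between.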


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-05-10 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  36c37944909496a123e2656ad1f651769a7cc72f (commit)
  from  74d6762543335641e4155fd84deaba67cd0105e4 (commit)


- Log -
commit 36c37944909496a123e2656ad1f651769a7cc72f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon May 2 15:00:21 2016 -0400

Fix i2d_X509_AUX and update docs

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/asn1/x_x509.c| 54 +++--
 doc/crypto/d2i_X509.pod | 14 -
 2 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e31e1e7..aada4a8 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -199,12 +199,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, 
long length)
 return NULL;
 }
 
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+/*
+ * Serialize trusted certificate to *pp or just return the required buffer
+ * length if pp == NULL.  We ultimately want to avoid modifying *pp in the
+ * error path, but that depends on similar hygiene in lower-level functions.
+ * Here we avoid compounding the problem.
+ */
+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
 {
 int length, tmplen;
 unsigned char *start = pp != NULL ? *pp : NULL;
+
+OPENSSL_assert(pp == NULL || *pp != NULL);
+
+/*
+ * This might perturb *pp on error, but fixing that belongs in i2d_X509()
+ * not here.  It should be that if a == NULL length is zero, but we check
+ * both just in case.
+ */
 length = i2d_X509(a, pp);
-if (length < 0 || a == NULL)
+if (length <= 0 || a == NULL)
 return length;
 
 tmplen = i2d_X509_CERT_AUX(a->aux, pp);
@@ -218,6 +232,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 return length;
 }
 
+/*
+ * Serialize trusted certificate to *pp, or just return the required buffer
+ * length if pp == NULL.
+ *
+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
+ * allocated buffer.
+ */
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+int length;
+unsigned char *tmp;
+
+/* Buffer provided by caller */
+if (pp == NULL || *pp != NULL)
+return i2d_x509_aux_internal(a, pp);
+
+/* Obtain the combined length */
+if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+return length;
+
+/* Allocate requisite combined storage */
+*pp = tmp = OPENSSL_malloc(length);
+if (tmp == NULL)
+return -1; /* Push error onto error stack? */
+
+/* Encode, but keep *pp at the originally malloced pointer */
+length = i2d_x509_aux_internal(a, );
+if (length <= 0) {
+OPENSSL_free(*pp);
+*pp = NULL;
+}
+return length;
+}
+
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
 {
 x->cert_info->enc.modified = 1;
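Review bot: the malloc-failure branch in i2d_X509_AUX() leaves its own question in the code (`return -1; /* Push error onto error stack? */`); resolve it before merging, most naturally by raising ERR_R_MALLOC_FAILURE through the ASN1 error macro so callers that diagnose a -1 return find a reason on the error stack, and drop the question from the comment.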
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
index 5b7c16f..2743bc7 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions
 
  #include 
 
- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+ X509 *d2i_X509(X509 **px, const unsigned char **in, long len);
+ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
  int i2d_X509(X509 *x, unsigned char **out);
+ int i2d_X509_AUX(X509 *x, unsigned char **out);
 
  X509 *d2i_X509_bio(BIO *bp, X509 **x);
  X509 *d2i_X509_fp(FILE *fp, X509 **x);
@@ -37,6 +39,11 @@ below, and the discussion in the RETURN VALUES section).
 If the call is successful B<*in> is incremented to the byte following the
 parsed data.
 
+d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of
+an X509 certificate followed by auxiliary trust information.
+This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
+This function should not be called on untrusted input.
+
 i2d_X509() encodes the structure pointed to by B into DER format.
 If B is not B is writes the DER encoded data to the buffer
 at B<*out>, and increments it to point after the data just written.
@@ -48,6 +55,11 @@ allocated for a buffer and the encoded data written to it. 
In this
 case B<*out> is not incremented and it points to the start of the
 data just written.
 
+i2d_X509_AUX() is similar to i2d_X509(), but the encoded output contains both
+the certificate and any auxiliary trust information.
+This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
+Note, this is a 

[openssl-commits] [openssl] master update

2016-05-10 Thread Viktor Dukhovni
The branch master has been updated
   via  fde2257f055f187e8e78542ea6d64ad6c206d10b (commit)
  from  9b5164ce7788d6985b005e410bb7b53bd553c99e (commit)


- Log -
commit fde2257f055f187e8e78542ea6d64ad6c206d10b
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon May 2 14:46:51 2016 -0400

Fix i2d_X509_AUX, update docs and add tests

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/x509/x_x509.c   |  54 -
 doc/crypto/d2i_X509.pod|  14 +-
 test/build.info|   6 +-
 test/danetest.c|   5 +-
 test/recipes/{80-test_dane.t => 80-test_x509aux.t} |  11 +-
 test/x509aux.c | 226 +
 6 files changed, 305 insertions(+), 11 deletions(-)
 copy test/recipes/{80-test_dane.t => 80-test_x509aux.t} (65%)
 create mode 100644 test/x509aux.c

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 043ab07..3eba360 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -181,12 +181,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, 
long length)
 return NULL;
 }
 
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+/*
+ * Serialize trusted certificate to *pp or just return the required buffer
+ * length if pp == NULL.  We ultimately want to avoid modifying *pp in the
+ * error path, but that depends on similar hygiene in lower-level functions.
+ * Here we avoid compounding the problem.
+ */
+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
 {
 int length, tmplen;
 unsigned char *start = pp != NULL ? *pp : NULL;
+
+OPENSSL_assert(pp == NULL || *pp != NULL);
+
+/*
+ * This might perturb *pp on error, but fixing that belongs in i2d_X509()
+ * not here.  It should be that if a == NULL length is zero, but we check
+ * both just in case.
+ */
 length = i2d_X509(a, pp);
-if (length < 0 || a == NULL)
+if (length <= 0 || a == NULL)
 return length;
 
 tmplen = i2d_X509_CERT_AUX(a->aux, pp);
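Review bot: `OPENSSL_assert(pp == NULL || *pp != NULL)` aborts the process if violated, which is acceptable only because the function is `static` and its sole caller, i2d_X509_AUX() below, diverts the `*pp == NULL` case before reaching it; the comment above the function should say that this invariant is guaranteed by the wrapper, so nobody adds a second caller that passes an unallocated output pointer.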
@@ -200,6 +214,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 return length;
 }
 
+/*
+ * Serialize trusted certificate to *pp, or just return the required buffer
+ * length if pp == NULL.
+ *
+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
+ * allocated buffer.
+ */
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+int length;
+unsigned char *tmp;
+
+/* Buffer provided by caller */
+if (pp == NULL || *pp != NULL)
+return i2d_x509_aux_internal(a, pp);
+
+/* Obtain the combined length */
+if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+return length;
+
+/* Allocate requisite combined storage */
+*pp = tmp = OPENSSL_malloc(length);
+if (tmp == NULL)
+return -1; /* Push error onto error stack? */
+
+/* Encode, but keep *pp at the originally malloced pointer */
+length = i2d_x509_aux_internal(a, );
+if (length <= 0) {
+OPENSSL_free(*pp);
+*pp = NULL;
+}
+return length;
+}
+
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
 {
 x->cert_info.enc.modified = 1;
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
index 3cd2509..14b84f2 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions
 
  #include 
 
- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+ X509 *d2i_X509(X509 **px, const unsigned char **in, long len);
+ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
  int i2d_X509(X509 *x, unsigned char **out);
+ int i2d_X509_AUX(X509 *x, unsigned char **out);
 
  X509 *d2i_X509_bio(BIO *bp, X509 **x);
  X509 *d2i_X509_fp(FILE *fp, X509 **x);
@@ -37,6 +39,11 @@ below, and the discussion in the RETURN VALUES section).
 If the call is successful B<*in> is incremented to the byte following the
 parsed data.
 
+d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of
+an X509 certificate followed by auxiliary trust information.
+This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
+This function should not be called on untrusted input.
+
 i2d_X509() encodes the structure pointed to by B into DER format.
 If B is not B is writes the DER encoded data to the buffer
 at B<*out>, and increments it to point after the data just written.
@@ -48,6 +55,11 @@ allocated for a buffer

[openssl-commits] [openssl] master update

2016-05-03 Thread Viktor Dukhovni
The branch master has been updated
   via  7b7eb4725ead9440e5f68c999e0792098ea82239 (commit)
  from  fb015ca6f05e09b11a3932f89d25bae697c8af1e (commit)


- Log -
commit 7b7eb4725ead9440e5f68c999e0792098ea82239
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Apr 29 16:36:32 2016 -0400

Drop duplicate ctx->verify_cb assignment

The right variant is ~18 lines below.

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2b17b29..6fc08c4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2171,11 +2171,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE 
*store, X509 *x509,
 /* Zero ex_data to make sure we're cleanup-safe */
 memset(>ex_data, 0, sizeof(ctx->ex_data));
 
-if (store) {
-ctx->verify_cb = store->verify_cb;
-/* Seems to always be 0 in OpenSSL, else must be idempotent */
+/* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
+if (store)
 ctx->cleanup = store->cleanup;
-} else
+else
 ctx->cleanup = 0;
 
 if (store && store->check_issued)
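Review bot: the hunk removes the only `ctx->verify_cb` assignment visible here, and the replacement the commit message refers to ("~18 lines below") is outside the hunk; since `ctx->verify_cb` now stays unset across the `ctx->cleanup` and `store->check_issued` setup between this point and the later assignment, confirm that nothing in that stretch invokes the callback.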


[openssl-commits] [openssl] master update

2016-04-27 Thread Viktor Dukhovni
The branch master has been updated
   via  4a397f5168d41ef4417f1430f2f5133b92f145b8 (commit)
  from  69664d6af0cdd7738f55d10fbbe46cdf15f72e0e (commit)


- Log -
commit 4a397f5168d41ef4417f1430f2f5133b92f145b8
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Apr 27 15:08:33 2016 -0400

Fix set0 reuse test

We must test for new object == current object, not !=.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 crypto/dh/dh_lib.c   | 2 +-
 crypto/dsa/dsa_lib.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 644508d..9db4576 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -303,7 +303,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
  * as input parameters.
  */
 if (dh->pub_key == pub_key
-|| (dh->priv_key != NULL && priv_key != dh->priv_key))
+|| (dh->priv_key != NULL && priv_key == dh->priv_key))
 return 0;
 
 if (pub_key != NULL) {
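Review bot: the corrected condition is asymmetric: `dh->pub_key == pub_key` is tested unconditionally while the priv_key clause is guarded by `dh->priv_key != NULL`, so a call with `pub_key == NULL` on a DH that has no public key yet is rejected even though no object is being reused; if that is intended (a public key is always required), say so in the comment above the check, otherwise guard the first clause the same way.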
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 383b48b..7b751a9 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -358,7 +358,7 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
  * as input parameters.
  */
 if (d->pub_key == pub_key
-|| (d->priv_key != NULL && priv_key != d->priv_key))
+|| (d->priv_key != NULL && priv_key == d->priv_key))
 return 0;
 
 if (pub_key != NULL) {


[openssl-commits] [openssl] master update

2016-04-27 Thread Viktor Dukhovni
The branch master has been updated
   via  69664d6af0cdd7738f55d10fbbe46cdf15f72e0e (commit)
  from  4c5e6b2cb95a4332829af140e5edba965c9685ce (commit)


- Log -
commit 69664d6af0cdd7738f55d10fbbe46cdf15f72e0e
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Apr 26 14:17:57 2016 -0400

Future proof build_chain() in x509_vfy.c

Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors
from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init()
is called with a NULL stack of untrusted certificates.

Since ssl_verify_cert_chain() always provides a non-NULL stack of
untrusted certs, and no other code path enables DANE, the problem
can only happen in applications that use SSL_CTX_set_cert_verify_callback()
to implement their own wrappers around X509_verify_cert() passing
only the leaf certificate to the latter.

Regardless of the "improbability" of the problem, we do need to
ensure that build_chain() handles this case correctly.

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c | 15 ++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b895ffe..30eabcb 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2789,8 +2789,21 @@ static int build_chain(X509_STORE_CTX *ctx)
 return 0;
 }
 
-/* Include any untrusted full certificates from DNS */
+/*
+ * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add
+ * them to our working copy of the untrusted certificate stack.  Since the
+ * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
+ * no corresponding stack of untrusted certificates, we may need to create
+ * an empty stack first.  [ At present only the ssl library provides DANE
+ * support, and ssl_verify_cert_chain() always provides a non-null stack
+ * containing at least the leaf certificate, but we must be prepared for
+ * this to change. ]
+ */
 if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
+if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) {
+X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+return 0;
+}
 for (i = 0; i < sk_X509_num(dane->certs); ++i) {
 if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) {
 sk_X509_free(sktmp);
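Review bot: the on-demand `sk_X509_new_null()` allocation is released on the `sk_X509_push()` failure path at the bottom of the hunk, but please confirm that every later exit from `build_chain()` frees `sktmp` too, since before this change a NULL `sktmp` meant there was nothing to free. Also, any later logic that treats `sktmp != NULL` as "the caller supplied untrusted certificates" would now see a stack holding only TLSA certificates; the new comment should say that the working copy may consist solely of DANE trust-anchors.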


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-04-22 Thread Viktor Dukhovni
The branch OpenSSL_1_0_1-stable has been updated
   via  697283ba418b21c4c0682d7050264b492e2ea4e2 (commit)
  from  3d411057a5e28530fffc40b257698f453c89aa87 (commit)


- Log -
commit 697283ba418b21c4c0682d7050264b492e2ea4e2
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Apr 19 22:23:24 2016 -0400

Fix buffer overrun in ASN1_parse().

Backport of commits:

79c7f74d6cefd5d32fa20e69195ad3de834ce065
bdcd660e33710079b495cf5cc6a1aaa5d2dcd317

from master.

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 crypto/asn1/asn1_lib.c | 18 +++---
 crypto/asn1/asn1_par.c | 17 +
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0b61fc9..54b683c 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,7 +63,7 @@
 #include 
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max);
+   long max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
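Review bot: the prototype change to `long max` matches the definition later in this patch; any caller that still casts its bound to `(int)` to satisfy the old prototype should drop the cast, otherwise the widening is silent and the truncation survives. The `#include` at the top of the hunk lost its file name in the mail archive and is not part of the change.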
@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 *ptag = tag;
 *pclass = xclass;
-if (!asn1_get_length(, , plength, (int)max))
+if (!asn1_get_length(, , plength, max))
 goto err;
 
 if (inf && !(ret & V_ASN1_CONSTRUCTED))
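Review bot: dropping the `(int)max` cast is the substantive part of this hunk: on LP64 builds a `long` bound above INT_MAX was silently truncated before reaching `asn1_get_length()`, so the remaining-bytes check inside it was computed from a wrong (possibly negative or much smaller) value. The `&p, &inf` arguments were stripped by the mail archive, not by the patch.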
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max)
+   long max)
 {
 const unsigned char *p = *pp;
 unsigned long ret = 0;
-unsigned int i;
+unsigned long i;
 
 if (max-- < 1)
-return (0);
+return 0;
 if (*p == 0x80) {
 *inf = 1;
 ret = 0;
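Review bot: `i` becomes `unsigned long` so it can be compared with `sizeof(ret)` and with `max` without an implicit sign change, while `max` stays a signed `long`; a negative `max` is therefore handled only by the `max-- < 1` early return, which must remain the first test in the function. The `return (0)` to `return 0` edits are style only.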
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 *inf = 0;
 i = *p & 0x7f;
 if (*(p++) & 0x80) {
-if (i > sizeof(long))
+if (i > sizeof(ret) || max < i)
 return 0;
-if (max-- == 0)
-return (0);
 while (i-- > 0) {
 ret <<= 8L;
 ret |= *(p++);
-if (max-- == 0)
-return (0);
 }
 } else
 ret = i;
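Review bot: the single up-front test `i > sizeof(ret) || max < i` replaces the per-byte `max--` checks; because `i <= 0x7f` and `max >= 0` after the earlier early return, the signed/unsigned comparison in `max < i` is safe, and a one-line comment saying so would stop a future reader from "fixing" it. Two things to confirm: `max` is no longer decremented inside the loop, so it must not be consulted after this point; and with `i == sizeof(ret)` the shift loop can set the top bit of `ret`, so the range check ahead of `*rl = (long)ret` in the next hunk still has to catch values above LONG_MAX.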
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 return 0;
 *pp = p;
 *rl = (long)ret;
-return (1);
+return 1;
 }
 
 /*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 0ca985a..e85e339 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
 goto end;
 if (j & V_ASN1_CONSTRUCTED) {
+const unsigned char *sp;
+
 ep = p + len;
 if (BIO_write(bp, "\n", 1) <= 0)
 goto end;
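Review bot: `sp` is declared at the top of the constructed-element block without an initializer; both branches below assign it before use, but the two assignments are far apart, so `= NULL` here would make the invariant obvious to readers and to the compiler's uninitialized-use warnings.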
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 goto end;
 }
 if ((j == 0x21) && (len == 0)) {
+sp = p;
 for (;;) {
 r = asn1_parse2(bp, , (long)(tot - p),
 offset + (p - *pp), depth + 1,
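Review bot: `sp = p` records where an indefinite-length body (`j == 0x21 && len == 0`) starts so its real length can be computed once the end-of-contents octets are found; bounding the recursive call by `(long)(tot - p)`, the bytes left in the whole input, is right here because such an element carries no declared length of its own.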
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 ret = 0;
 goto end;
 }
-if ((r == 2) || (p >= tot))
+if ((r == 2) || (p >= tot)) {
+len = p - sp;
 break;
+}
 }
-} else
+} else {
+long tmp = len;
+
 while (p < ep) {
-r = asn1_parse2(bp, , (long)len,
-offset + (p - *pp), depth + 1,
+sp = p;
+r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1,
 indent, dump);
 if (r == 0) {
 ret = 0;
 goto end;
 }
+tmp -= p - sp;
 }
+}
 } else if (xclass != 0) {
 p += len;
 if (BIO_write(bp, "\n", 1) <= 0)
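Review bot: two distinct fixes are folded into this hunk and each deserves a sentence in the commit message. In the indefinite-length loop, `len = p - sp` on break gives the element its actual length once the end-of-contents octets have been consumed instead of the zero it was parsed with. In the definite-length loop, the recursive call is now bounded by `tmp`, the bytes remaining inside this element, and `tmp -= p - sp` shrinks it per child, so a child header that claims more than its parent has left is rejected by `ASN1_get_object()` rather than read past `ep`; leaving `len` untouched also keeps the element's own length correct for the code after the loop.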


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-04-22 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  2442382e11c022aaab4fdc6975bd15d5a75c4db2 (commit)
  from  f32774087f7b3db1f789688368d16d917757421e (commit)


- Log -
commit 2442382e11c022aaab4fdc6975bd15d5a75c4db2
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Apr 19 22:23:24 2016 -0400

Fix buffer overrun in ASN1_parse().

Backport of commits:

79c7f74d6cefd5d32fa20e69195ad3de834ce065
bdcd660e33710079b495cf5cc6a1aaa5d2dcd317

from master.

Reviewed-by: Matt Caswell <m...@openssl.org>

---

Summary of changes:
 crypto/asn1/asn1_lib.c | 18 +++---
 crypto/asn1/asn1_par.c | 17 +
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0b61fc9..54b683c 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,7 +63,7 @@
 #include 
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max);
+   long max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 *ptag = tag;
 *pclass = xclass;
-if (!asn1_get_length(, , plength, (int)max))
+if (!asn1_get_length(, , plength, max))
 goto err;
 
 if (inf && !(ret & V_ASN1_CONSTRUCTED))
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long 
*plength, int *ptag,
 }
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-   int max)
+   long max)
 {
 const unsigned char *p = *pp;
 unsigned long ret = 0;
-unsigned int i;
+unsigned long i;
 
 if (max-- < 1)
-return (0);
+return 0;
 if (*p == 0x80) {
 *inf = 1;
 ret = 0;
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 *inf = 0;
 i = *p & 0x7f;
 if (*(p++) & 0x80) {
-if (i > sizeof(long))
+if (i > sizeof(ret) || max < i)
 return 0;
-if (max-- == 0)
-return (0);
 while (i-- > 0) {
 ret <<= 8L;
 ret |= *(p++);
-if (max-- == 0)
-return (0);
 }
 } else
 ret = i;
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int 
*inf, long *rl,
 return 0;
 *pp = p;
 *rl = (long)ret;
-return (1);
+return 1;
 }
 
 /*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 0ca985a..e85e339 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
 goto end;
 if (j & V_ASN1_CONSTRUCTED) {
+const unsigned char *sp;
+
 ep = p + len;
 if (BIO_write(bp, "\n", 1) <= 0)
 goto end;
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 goto end;
 }
 if ((j == 0x21) && (len == 0)) {
+sp = p;
 for (;;) {
 r = asn1_parse2(bp, , (long)(tot - p),
 offset + (p - *pp), depth + 1,
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 ret = 0;
 goto end;
 }
-if ((r == 2) || (p >= tot))
+if ((r == 2) || (p >= tot)) {
+len = p - sp;
 break;
+}
 }
-} else
+} else {
+long tmp = len;
+
 while (p < ep) {
-r = asn1_parse2(bp, , (long)len,
-offset + (p - *pp), depth + 1,
+sp = p;
+r = asn1_parse2(bp, , tmp, offset + (p - *pp), depth + 1,
 indent, dump);
 if (r == 0) {
 ret = 0;
 goto end;
 }
+tmp -= p - sp;
 }
+}
 } else if (xclass != 0) {
 p += len;
 if (BIO_write(bp, "\n", 1) <= 0)


[openssl-commits] [openssl] master update

2016-04-22 Thread Viktor Dukhovni
The branch master has been updated
   via  e2ab7fb343b28fba997cdf4a26bb616c26783c38 (commit)
   via  9f6b22b814a306677f6d5a829cf7fd62005ecdc2 (commit)
  from  ee85fc1dd67faebdeecb8fe8834facaee0566324 (commit)


- Log -
commit e2ab7fb343b28fba997cdf4a26bb616c26783c38
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Apr 21 20:06:49 2016 -0400

make update

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 9f6b22b814a306677f6d5a829cf7fd62005ecdc2
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Apr 21 20:00:58 2016 -0400

Enabled DANE only when at least one TLSA RR was added

It is up to the caller of SSL_dane_tlsa_add() to take appropriate
action when no records are added successfully or adding some records
triggers an internal error (negative return value).

With this change the caller can continue with PKIX if desired when
none of the TLSA records are usable, or take some appropriate action
if DANE is required.

Also fixed the internal ssl_dane_dup() function to properly initialize
the TLSA RR stack in the target SSL handle.  Errors in ssl_dane_dup()
are no longer ignored.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/ssl/SSL_CTX_dane_enable.pod | 56 --
 include/internal/dane.h |  3 ++-
 include/openssl/ssl.h   |  1 +
 ssl/ssl_err.c   | 60 ++---
 ssl/ssl_lib.c   | 16 +--
 5 files changed, 67 insertions(+), 69 deletions(-)

diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
index 8463a3d..d6d447d 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
@@ -71,11 +71,17 @@ The arguments specify the fields of the TLSA record.
 The B field is provided in binary (wire RDATA) form, not the hexadecimal
 ASCII presentation form, with an explicit length passed via B.
 A return value of 0 indicates that "unusable" TLSA records (with invalid or
-unsupported parameters) were provided, a negative return value indicates an
-internal error in processing the records.
-If DANE authentication is enabled, but no TLSA records are added successfully,
-authentication will fail, and the handshake may not complete, depending on the
-B argument of L<SSL_set_verify(3)> and any verification callback.
+unsupported parameters) were provided.
+A negative return value indicates an internal error in processing the record.
+
+The caller is expected to check the return value of each SSL_dane_tlsa_add()
+call and take appropriate action if none are usable or an internal error
+is encountered in processing some records.
+
+If no TLSA records are added successfully, DANE authentication is not enabled,
+and authentication will be based on any configured traditional trust-anchors;
+authentication success in this case does not mean that the peer was
+DANE-authenticated.
 
 SSL_get0_dane_authority() can be used to get more detailed information about
 the matched DANE trust-anchor after successful connection completion.
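Review bot: the new paragraph states the contract clearly, but it should also say what `SSL_get0_dane_authority()`, documented right below, returns when no usable records were added and the handshake succeeded through the configured trust-anchors, because that return value is the only way an application can tell PKIX success from DANE success. The `B<...>` field names lost their content in the mail archive; nothing to change in the patch for that.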
@@ -149,6 +155,7 @@ the lifetime of the SSL connection.
 
   SSL_CTX *ctx;
   SSL *ssl;
+  int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
   int num_usable = 0;
   const char *nexthop_domain = "example.com";
   const char *dane_tlsa_domain = "smtp.example.com";
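Review bot: hoisting `verify_cb` to the top of the example with a NULL initializer is fine, but a full function-pointer prototype in the middle of the variable list is easy to skim past; a short comment that it is only consumed by the `SSL_set_verify()` calls later in the example would help.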
@@ -175,11 +182,19 @@ the lifetime of the SSL connection.
 
 /* set usage, selector, mtype, data, len */
 
-/* Opportunistic DANE TLS clients treat usages 0, 1 as unusable. */
+/*
+ * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
+ * They treat all other certificate usages, and in particular PKIX-TA(0)
+ * and PKIX-EE(1), as unusable.
+ */
 switch (usage) {
+default:
 case 0: /* PKIX-TA(0) */
 case 1: /* PKIX-EE(1) */
 continue;
+case 2: /* DANE-TA(2) */
+case 3: /* DANE-EE(3) */
+break;
 }
 
 ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
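Review bot: placing `default:` above `case 0:` so it falls through to `continue` is correct but easy to misread, since `case 2`/`case 3` end in `break` and readers expect unlisted values to share the last label. Either move `default:` next to `case 1:` with a comment, or replace the switch with `if (usage != 2 && usage != 3) continue;`, which says the same thing in one line.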
@@ -194,16 +209,29 @@ the lifetime of the SSL connection.
   }
 
   /*
+   * At this point, the verification mode is still the default SSL_VERIFY_NONE.
* Opportunistic DANE clients use unauthenticated TLS when all TLSA records
* are unusable, so continue the handshake even if authentication fails.
*/
   if (num_usable == 0) {
-int (*cb)(int ok, X509_STORE_CTX *sctx) = NULL;
-
 /* Log all records unusable? */
-/* Set cb to a non-NULL callback of your choice? */
 
-SSL_set_verify(ssl, SSL_VERIFY_NONE, cb);
+/* Optionally set verify_cb to a suitable non-NULL callback. */
+SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
+  } else {
+
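Review bot: saying "the verification mode is still the default SSL_VERIFY_NONE" makes the `SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb)` call below look redundant; state that the call is kept because it is what installs `verify_cb`, or the next cleanup will delete it. The hunk is cut off at the `else` branch in this archive copy, so the DANE-enabled path cannot be reviewed here.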

[openssl-commits] [openssl] master update

2016-04-14 Thread Viktor Dukhovni
The branch master has been updated
   via  bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 (commit)
  from  5968d11a7a28103610c054c6a57c852bbe0f3b51 (commit)


- Log -
commit bdcd660e33710079b495cf5cc6a1aaa5d2dcd317
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Apr 13 23:14:43 2016 -0400

Bugfix: in asn1parse avoid erroneous len after a sub-sequence

Introduced in:

commit 79c7f74d6cefd5d32fa20e69195ad3de834ce065
Author: Ben Laurie <b...@links.org>
Date:   Tue Mar 29 19:37:57 2016 +0100

Fix buffer overrun in ASN1_parse().

Problem input:

https://tools.ietf.org/html/draft-ietf-curdle-pkix-eddsa-00#section-8.1
-BEGIN PUBLIC KEY-
MC0wCAYDK2VkCgECAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
-END PUBLIC KEY-

Previously:

0:d=0  hl=2 l=  45 cons: SEQUENCE
2:d=1  hl=2 l=   8 cons: SEQUENCE
4:d=2  hl=2 l=   3 prim: OBJECT:1.3.101.100
9:d=2  hl=2 l=   1 prim: ENUMERATED:02
Error in encoding
140735164989440:error:0D07207B:asn1 encoding 
routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:148:

Now:

0:d=0  hl=2 l=  45 cons: SEQUENCE
2:d=1  hl=2 l=   8 cons: SEQUENCE
4:d=2  hl=2 l=   3 prim: OBJECT:1.3.101.100
9:d=2  hl=2 l=   1 prim: ENUMERATED:02
   12:d=1  hl=2 l=  33 prim: BIT STRING
   - 00 19 bf 44 09 69 84 cd-fe 85 41 ba c1 67 dc 3b   
...D.iA..g.;
  0010 - 96 c8 50 86 aa 30 b6 b6-cb 0c 5c 38 ad 70 31 66   
..P..0\8.p1f
  0020 - e1.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 crypto/asn1/asn1_par.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index b721273..e412820 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -189,18 +189,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, 
long length,
 }
 }
 } else {
+long tmp = len;
+
 while (p < ep) {
 sp = p;
-r = asn1_parse2(bp, , len,
+r = asn1_parse2(bp, , tmp,
 offset + (p - *pp), depth + 1,
 indent, dump);
 if (r == 0) {
 ret = 0;
 goto end;
 }
-len -= p - sp;
+tmp -= p - sp;
 }
-len = length;
 }
 } else if (xclass != 0) {
 p += len;
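Review bot: the root cause is that `len -= p - sp` consumed the element's own length while walking its children, and the attempted repair `len = length` then assigned the caller's bound, the remaining size of the parent's input rather than this element's size, which is the "header too long" failure on the EdDSA key in the commit message. A separate `tmp` keeps the per-child bound apart from `len`, so `len` is still correct after the loop; the before/after asn1parse output in the commit message is the obvious regression test and belongs in a test recipe.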


[openssl-commits] [openssl] master update

2016-04-13 Thread Viktor Dukhovni
The branch master has been updated
   via  5968d11a7a28103610c054c6a57c852bbe0f3b51 (commit)
  from  a50ad1daaa68c109ea1a14225a7aba8660526101 (commit)


- Log -
commit 5968d11a7a28103610c054c6a57c852bbe0f3b51
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Apr 13 23:41:55 2016 -0400

Don't use deprecated CONF_modules_free() in tests

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 test/ssl_test.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/test/ssl_test.c b/test/ssl_test.c
index b95120e..dfe71cb 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -210,6 +210,5 @@ int main(int argc, char **argv)
 ADD_ALL_TESTS(test_handshake, (int)(num_tests));
 result = run_tests(argv[0]);
 
-CONF_modules_free();
 return result;
 }


[openssl-commits] [openssl] master update

2016-04-07 Thread Viktor Dukhovni
The branch master has been updated
   via  a4ccf06808422400a6a0673b452d388e95a455fd (commit)
   via  43341433a88a6a2cd38c35359f48653e809b10cd (commit)
   via  c636c1c470fd2b4b0cb546e6ee85971375e42ec1 (commit)
  from  6afef8b1fb679df7d6a8606d713192c9907b1890 (commit)


- Log -
commit a4ccf06808422400a6a0673b452d388e95a455fd
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Apr 7 14:19:16 2016 -0400

make update

Signed-off-by: Rob Percival <robperci...@google.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 43341433a88a6a2cd38c35359f48653e809b10cd
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Apr 7 14:17:37 2016 -0400

Suppress CT callback as appropriate

Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates.  Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
when the chain fails verification.

Move and consolidate CT callbacks from libcrypto to libssl.  We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.

Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information.  When printing SCTs, print the
validation status if set and not valid.

Signed-off-by: Rob Percival <robperci...@google.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit c636c1c470fd2b4b0cb546e6ee85971375e42ec1
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Apr 2 16:47:48 2016 -0400

Fix client verify mode to check SSL_VERIFY_PEER

The original check for != SSL_VERIFY_NONE can give surprising results
when flags SSL_VERIFY_PEER is not set, but other flags are.  Note
that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absence
of all other flag bits.

Signed-off-by: Rob Percival <robperci...@google.com>
Reviewed-by: Emilia Käsper <emi...@openssl.org>

---

Summary of changes:
 apps/s_client.c|  67 +++-
 crypto/ct/ct_err.c |   3 -
 crypto/ct/ct_oct.c |  12 ++-
 crypto/ct/ct_prn.c |  23 -
 crypto/ct/ct_sct.c |  33 +-
 crypto/ct/ct_vfy.c |  59 ---
 doc/apps/s_client.pod  |  14 ++-
 doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 113 ++--
 doc/ssl/SSL_CTX_set_ctlog_list_file.pod|   2 +-
 doc/ssl/SSL_CTX_set_verify.pod |  15 +--
 include/openssl/ct.h   |  22 +---
 include/openssl/ssl.h  |  60 ---
 ssl/ssl_err.c  |  14 +--
 ssl/ssl_lib.c  | 138 +++--
 ssl/ssl_locl.h |   4 +-
 ssl/statem/statem_clnt.c   |   5 +-
 ssl/t1_ext.c   |  15 +--
 test/ct_test.c |  22 ++--
 test/recipes/80-test_ssl_old.t |  27 ++---
 test/ssltest_old.c |  14 ++-
 util/libcrypto.num |   3 +-
 util/libssl.num|   6 +-
 22 files changed, 402 insertions(+), 269 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index b180dbc..b2f10c8 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -666,7 +666,7 @@ typedef enum OPTION_choice {
 OPT_S_ENUM,
 OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_DANE_TLSA_DOMAIN,
 #ifndef OPENSSL_NO_CT
-OPT_NOCT, OPT_REQUESTCT, OPT_REQUIRECT, OPT_CTLOG_FILE,
+OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
 #endif
 OPT_DANE_TLSA_RRDATA
 } OPTION_CHOICE;
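Review bot: the `-requestct`/`-requirect` pair is replaced by a single `-ct`, so every remaining reference to the removed options has to go as well; the summary lists `doc/apps/s_client.pod` and `test/recipes/80-test_ssl_old.t` as touched, which is where I would expect them.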
@@ -831,9 +831,8 @@ OPTIONS s_client_options[] = {
  "Specify engine to be used for client certificate operations"},
 #endif
 #ifndef OPENSSL_NO_CT
+{"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
 {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
-{"requestct", OPT_REQUESTCT, '-', "Request SCTs (enables OCSP stapling)"},
-{"requirect", OPT_REQUIRECT, '-', "Require at least 1 SCT (enables OCSP 
stapling)"},
 {"ctlogfile", OPT_CTLOG_FIL
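Review bot: the `-ct` help text keeps the "enables OCSP stapling" side effect from the removed `-requestct`; if that is still the behaviour it should be stated in the pod as well, and the `-noct` text should say whether stapling is then left to other options. The hunk is truncated after `ctlogfile` in this archive copy.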

[openssl-commits] [openssl] master update

2016-04-03 Thread Viktor Dukhovni
The branch master has been updated
   via  ae6c553ecaa915d2689e66d68ac0965beba31e53 (commit)
  from  adb4076ae06dd6ff01a62b1fcd73f02aadc5ecae (commit)


- Log -
commit ae6c553ecaa915d2689e66d68ac0965beba31e53
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Apr 3 20:58:09 2016 -0400

Fix mixed declarations and code

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 apps/dsaparam.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 64e92ae..5c282be 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -264,13 +264,14 @@ int dsaparam_main(int argc, char **argv)
 
 if (C) {
 BIGNUM *p = NULL, *q = NULL, *g = NULL;
+unsigned char *data;
 int len, bits_p;
 
 DSA_get0_pqg(dsa, , , );
 len = BN_num_bytes(p);
 bits_p = BN_num_bits(p);
 
-unsigned char *data = app_malloc(len + 20, "BN space");
+data = app_malloc(len + 20, "BN space");
 
 BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p);
 print_bignum_var(bio_out, p, "dsap", len, data);
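Review bot: correct C89 fix; now that `data` is declared apart from the `app_malloc()` call, initialize it to NULL in the declaration so an early exit added later cannot free an indeterminate pointer. The `&p, &q, &g` arguments to `DSA_get0_pqg()` were stripped by the mail archive, not by the patch.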


[openssl-commits] [openssl] master update

2016-04-03 Thread Viktor Dukhovni
The branch master has been updated
   via  51f6d88420f9289e8b3b395a709e1a0aedc8e163 (commit)
  from  c3a7e0c565c5d41e7d9b910a45c2248c2f3d5152 (commit)


- Log -
commit 51f6d88420f9289e8b3b395a709e1a0aedc8e163
Author: Andy Polyakov 
Date:   Fri Apr 1 18:17:01 2016 +0200

apps/Makefile.in: add tsget rule.

Reviewed-by: Richard Levitte 

---

Summary of changes:
 apps/Makefile.in | 4 
 1 file changed, 4 insertions(+)

diff --git a/apps/Makefile.in b/apps/Makefile.in
index 064496b..d2ec0c7 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -151,5 +151,9 @@ CA.pl: CA.pl.in
$(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile 
CA.pl.in > CA.pl.new
mv CA.pl.new CA.pl
 
+tsget: tsget.in
+   $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile 
tsget.in > tsget.new
+   mv tsget.new tsget
+
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
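Review bot: the rule is a copy of the `CA.pl` rule above, including `-oapps/Makefile`, but the extra `+` line leaves two blank lines before the `DO NOT DELETE` marker; drop one. If `tsget` is meant to be run directly like `CA.pl`, neither rule sets the execute bit, so that is either handled at install time or missing for both.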


[openssl-commits] [openssl] master update

2016-04-03 Thread Viktor Dukhovni
The branch master has been updated
   via  c3a7e0c565c5d41e7d9b910a45c2248c2f3d5152 (commit)
  from  bb3bdf0507ac5c9713a7e99d8652085b2f150b06 (commit)


- Log -
commit c3a7e0c565c5d41e7d9b910a45c2248c2f3d5152
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Apr 3 15:21:34 2016 -0400

After saving errno clear it before calls to strtol et al.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 apps/opt.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/apps/opt.c b/apps/opt.c
index 462894a..63d3215 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -373,6 +373,7 @@ int opt_long(const char *value, long *result)
 long l;
 char *endp;
 
+errno = 0;
 l = strtol(value, , 0);
 if (*endp
 || endp == value
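Review bot: `strtol()` sets `errno` only on overflow and leaves it untouched otherwise, so without this reset a stale `errno` from an earlier, unrelated call would make the overflow test that follows report a bogus range error; clearing it immediately before the call, after the save mentioned in the commit title, is the right ordering. The `&endp` argument was stripped by the mail archive.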
@@ -398,6 +399,7 @@ int opt_imax(const char *value, intmax_t *result)
 intmax_t m;
 char *endp;
 
+errno = 0;
 m = strtoimax(value, , 0);
 if (*endp
 || endp == value
@@ -420,6 +422,7 @@ int opt_umax(const char *value, uintmax_t *result)
 uintmax_t m;
 char *endp;
 
+errno = 0;
 m = strtoumax(value, , 0);
 if (*endp
 || endp == value
@@ -445,6 +448,7 @@ int opt_ulong(const char *value, unsigned long *result)
 char *endptr;
 unsigned long l;
 
+errno = 0;
 l = strtoul(value, , 0);
 if (*endptr
 || endptr == value
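Review bot: same reset as the other three functions; while here, `opt_ulong()` names its end pointer `endptr` where the others use `endp`, and declares it before `l` rather than after, so aligning the four keeps them diff-friendly.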


[openssl-commits] [openssl] master update

2016-04-03 Thread Viktor Dukhovni
The branch master has been updated
   via  bb3bdf0507ac5c9713a7e99d8652085b2f150b06 (commit)
   via  fbb82a60dcbe820714a246ab3e7617eaf3a7b656 (commit)
   via  70dd3c6593d87e4cbb56b485717cb2cfff730f3e (commit)
  from  0f1ef63bf1708fbbb1ab248d455f619ce2d5b1ac (commit)


- Log -
commit bb3bdf0507ac5c9713a7e99d8652085b2f150b06
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Mar 20 04:12:52 2016 -0400

make update

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

commit fbb82a60dcbe820714a246ab3e7617eaf3a7b656
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Mar 18 22:09:41 2016 -0400

Move peer chain security checks into x509_vfy.c

A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

commit 70dd3c6593d87e4cbb56b485717cb2cfff730f3e
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Feb 27 14:17:28 2016 -0500

Tidy up x509_vfy callback handling

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 apps/apps.h   |   8 +-
 apps/opt.c|   5 +
 crypto/x509/x509_lcl.h|   4 +-
 crypto/x509/x509_lu.c |   4 +-
 crypto/x509/x509_txt.c|   6 +
 crypto/x509/x509_vfy.c| 661 --
 crypto/x509/x509_vpm.c|  17 +
 doc/apps/cms.pod  |   5 +-
 doc/apps/ocsp.pod |   7 +-
 doc/apps/s_client.pod |   5 +-
 doc/apps/s_server.pod |   5 +-
 doc/apps/smime.pod|   5 +-
 doc/apps/ts.pod   |  21 +-
 doc/apps/verify.pod   |  24 +-
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod|  42 +-
 include/openssl/x509_vfy.h|   7 +-
 ssl/ssl_cert.c|  25 +-
 test/certs/ca-cert-768.pem|  15 +
 test/certs/ca-cert-768i.pem   |  15 +
 test/certs/{ca+anyEKU.pem => ca-cert-md5-any.pem} |  16 +-
 test/certs/{ca-cert.pem => ca-cert-md5.pem}   |  16 +-
 test/certs/ca-key-768.pem |  13 +
 test/certs/ee-cert-768.pem|  16 +
 test/certs/{ee-cert2.pem => ee-cert-768i.pem} |  15 +-
 test/certs/{ee-cert.pem => ee-cert-md5.pem}   |  16 +-
 test/certs/ee-key-768.pem |  13 +
 test/certs/mkcert.sh  |  10 +-
 test/certs/root-cert-768.pem  |  11 +
 test/certs/{root-cert.pem => root-cert-md5.pem}   |  16 +-
 test/certs/root-key-768.pem   |  13 +
 test/certs/setup.sh   |  30 +
 test/recipes/25-test_verify.t |  48 +-
 util/libcrypto.num|   2 +
 33 files changed, 714 insertions(+), 402 deletions(-)
 create mode 100644 test/certs/ca-cert-768.pem
 create mode 100644 test/certs/ca-cert-768i.pem
 copy test/certs/{ca+anyEKU.pem => ca-cert-md5-any.pem} (54%)
 copy test/certs/{ca-cert.pem => ca-cert-md5.pem} (54%)
 create mode 100644 test/certs/ca-key-768.pem
 create mode 100644 test/certs/ee-cert-768.pem
 copy test/certs/{ee-cert2.pem => ee-cert-768i.pem} (50%)
 copy test/certs/{ee-cert.pem => ee-cert-md5.pem} (56%)
 create mode 100644 test/certs/ee-key-768.pem
 create mode 100644 test/certs/root-cert-768.pem
 copy test/certs/{root-cert.pem => root-cert-md5.pem} (53%)
 create mode 100644 test/certs/root-key-768.pem

diff --git a/apps/apps.h b/apps/apps.h
index 434ca54..a310dd2 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -180,6 +180,7 @@ void wait_for_async(SSL *s);
 OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
 OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
 OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
+OPT_V_VERIFY_AUTH_LEVEL, \
 OPT_V__LAST
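Review bot: `OPT_V_VERIFY_AUTH_LEVEL` breaks the pattern of its neighbours, where `OPT_V_PARTIAL_CHAIN` and `OPT_V_NO_CHECK_TIME` map directly to `-partial_chain` and `-no_check_time`; the commit message calls the option `-auth_level`, so `OPT_V_AUTH_LEVEL` would be the consistent name. The hunk is cut off after this line in the archive copy.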

[openssl-commits] [openssl] master update

2016-03-29 Thread Viktor Dukhovni
The branch master has been updated
   via  4d9e33acb23472566ba0ae15d63c5562a0abf7a2 (commit)
  from  222e620baf5a55b251e716df955ce0db53c48b3b (commit)


- Log -
commit 4d9e33acb23472566ba0ae15d63c5562a0abf7a2
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Mar 29 19:40:03 2016 -0400

Require intermediate CAs to have basicConstraints CA:true.

Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c|  3 ++-
 test/certs/ca-nonbc.pem   | 18 ++
 test/certs/mkcert.sh  | 21 +
 test/certs/setup.sh   |  1 +
 test/recipes/25-test_verify.t |  8 ++--
 5 files changed, 48 insertions(+), 3 deletions(-)
 create mode 100644 test/certs/ca-nonbc.pem

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index afd8299..ffa211b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -484,8 +484,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 ret = 1;
 break;
 default:
+/* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */
 if ((ret == 0)
-|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+|| ((i + 1 < num || ctx->param->flags & 
X509_V_FLAG_X509_STRICT)
 && (ret != 1))) {
 ret = 0;
 ctx->error = X509_V_ERR_INVALID_CA;
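Review bot: `(i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT)` relies on `&` binding tighter than `||`, which is correct but is exactly the expression a later "fix" gets wrong; parenthesise the flag test. Also `i + 1 < num` is the whole behavioural change (every certificate except the last one, the trust anchor, is now held to the strict rule), so the new comment should say that rather than only "STRICT is implicit". The wrapped line is a mail-archive artifact.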
diff --git a/test/certs/ca-nonbc.pem b/test/certs/ca-nonbc.pem
new file mode 100644
index 000..013775b
--- /dev/null
+++ b/test/certs/ca-nonbc.pem
@@ -0,0 +1,18 @@
+-BEGIN CERTIFICATE-
+-END CERTIFICATE-
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index 7b892d2..99e7d2a 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -114,6 +114,27 @@ genca() {
-set_serial 2 -days "${DAYS}"
 }
 
+gen_nonbc_ca() {
+local cn=$1; shift
+local key=$1; shift
+local cert=$1; shift
+local cakey=$1; shift
+local cacert=$1; shift
+local skid="subjectKeyIdentifier = hash"
+local akid="authorityKeyIdentifier = keyid"
+
+exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid")
+exts=$(printf "%s\nkeyUsage = %s\n" "$exts" "keyCertSign, cRLSign")
+for eku in "$@"
+do
+exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
+done
+csr=$(req "$key" "$cn") || return 1
+echo "$csr" |
+cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
+   -set_serial 2 -days "${DAYS}"
+}
+
 genee() {
 local OPTIND=1
 local purpose=serverAuth
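Review bot: `exts` and `csr` are assigned without `local` while every other variable in `gen_nonbc_ca()` is declared local, so both leak into the caller's scope. The first `printf` has three `%s` conversions but only two arguments (`$skid`, `$akid`), which only works because the surplus conversion expands to empty; drop the third `%s`. Also `-set_serial 2` is the same serial `genca()` uses above, so `ca-nonbc` and the regular CA certificate share serial 2 under the same root; acceptable for a test fixture, but worth a comment.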
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 8cf27ee..9606c77 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -74,6 +74,7 @@ openssl x509 -in sroot-cert.pem -trustout \
 #
 ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert
 ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert
+./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert
 ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert
 ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert
 ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index c1d222b..d4131cc 100644
--- a/test/recipe

[openssl-commits] [openssl] master update

2016-03-20 Thread Viktor Dukhovni
The branch master has been updated
   via  89ff989d01314a6104e5063edfce316c8325f339 (commit)
  from  3c27208fab1dc29f47f088490404df5abfcdfb05 (commit)


- Log -
commit 89ff989d01314a6104e5063edfce316c8325f339
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Mar 20 20:40:13 2016 -0400

Add a comment on dane_verify() logic

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index e2b1b96..afd8299 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2591,7 +2591,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int 
depth)
 return  X509_TRUST_UNTRUSTED;
 
 /*
- * Record any DANE trust anchor matches, for the first depth to test, if
+ * Record any DANE trust-anchor matches, for the first depth to test, if
  * there's one at that depth. (This'll be false for length 1 chains looking
  * for an exact match for the leaf certificate).
  */
@@ -2676,6 +2676,18 @@ static int dane_verify(X509_STORE_CTX *ctx)
 
 dane_reset(dane);
 
+/*-
+ * When testing the leaf certificate, if we match a DANE-EE(3) record,
+ * dane_match() returns 1 and we're done.  If however we match a PKIX-EE(1)
+ * record, the match depth and matching TLSA record are recorded, but the
+ * return value is 0, because we still need to find a PKIX trust-anchor.
+ * Therefore, when DANE authentication is enabled (required), we're done
+ * if:
+ *   + matched < 0, internal error.
+ *   + matched == 1, we matched a DANE-EE(3) record
+ *   + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no
+ * DANE-TA(2) or PKIX-TA(0) to test.
+ */
 matched = dane_match(ctx, ctx->cert, 0);
 done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0);
 
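Review bot: the third bullet of the new comment refers to `mdepth`, but the field tested on the next line is `dane->mdpth`; using the real name keeps the comment greppable. The same bullet could also say why stopping is safe in that case: with no DANE-TA(2)/PKIX-TA(0) records and no PKIX-EE(1) match recorded, there is nothing left for any chain depth to match against, which is the reason the code can finish before building a chain.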
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2016-03-19 Thread Viktor Dukhovni
The branch master has been updated
   via  37bbfd48377d7e952e2f293e406fd7fe48fa735c (commit)
   via  ffc8d605e81c12d4ce06bce758df84f7945c0f02 (commit)
   via  1e7e1c8d5c06207c4f99eab1f3cff7a033358ae1 (commit)
  from  5a339364f75342978cc3943f788037cb47ee529e (commit)


- Log -
commit 37bbfd48377d7e952e2f293e406fd7fe48fa735c
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Mar 18 22:10:40 2016 -0400

Revert "Ignore the generated apps/progs.h"

This reverts commit 91056e72693b4ee8cb5339d9091871ffc3b6f776.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit ffc8d605e81c12d4ce06bce758df84f7945c0f02
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Mar 18 22:10:39 2016 -0400

Revert "Generate apps/progs.h on the fly"

This reverts commit 04e2a527379ad12ca512aef4e838f94af22d7f79.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 1e7e1c8d5c06207c4f99eab1f3cff7a033358ae1
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Mar 18 22:10:33 2016 -0400

Revert "Include progs.h directly in openssl.c instead of via apps.h"

This reverts commit a45d7d5388c6774a484cff4af13f188240d3d50b.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 .gitignore|   1 -
 Configurations/unix-Makefile.tmpl |  13 +-
 apps/apps.h   |   2 +
 apps/build.info   |  25 +--
 apps/openssl.c|   2 +-
 apps/progs.h  | 428 ++
 6 files changed, 450 insertions(+), 21 deletions(-)
 create mode 100644 apps/progs.h

diff --git a/.gitignore b/.gitignore
index 05127dd..ab9c380 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,7 +41,6 @@ Makefile
 
 
 # Auto generated headers
-/apps/progs.h
 /crypto/buildinf.h
 /crypto/include/internal/*_conf.h
 /openssl/include/opensslconf.h
diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 1923acc..8bcb224 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -617,7 +617,7 @@ generate: generate_apps generate_crypto_bn 
generate_crypto_objects
 lint:
lint -DLINT $(INCLUDES) $(SRCS)
 
-generate_apps: $(SRCDIR)/apps/openssl-vms.cnf
+generate_apps: $(SRCDIR)/apps/openssl-vms.cnf $(SRCDIR)/apps/progs.h
 
 generate_crypto_bn: $(SRCDIR)/crypto/bn/bn_prime.h
 
@@ -695,6 +695,17 @@ $(SRCDIR)/apps/openssl-vms.cnf: $(SRCDIR)/apps/openssl.cnf
$(PERL) $(SRCDIR)/VMS/VMSify-conf.pl \
 < $(SRCDIR)/apps/openssl.cnf > $(SRCDIR)/apps/openssl-vms.cnf
 
+{- # because the program apps/openssl has object files as sources, and
+   # they then have the corresponding C files as source, we need to chain
+   # the lookups in %unified_info
+   my $apps_openssl = catfile("apps","openssl");
+   our @openssl_source = map { @{$unified_info{sources}->{$_}} }
+ @{$unified_info{sources}->{$apps_openssl}};
+   ""; -}
+$(SRCDIR)/apps/progs.h:
+   $(RM) $@
+   $(PERL) $(SRCDIR)/apps/progs.pl {- join(" ", @openssl_source) -} > $@
+
 $(SRCDIR)/crypto/bn/bn_prime.h: $(SRCDIR)/crypto/bn/bn_prime.pl
$(PERL) $(SRCDIR)/crypto/bn/bn_prime.pl > $(SRCDIR)/crypto/bn/bn_prime.h
 
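Review bot: the `$(SRCDIR)/apps/progs.h:` rule has no prerequisites, so with progs.h now committed to the tree the generate target only rebuilds it when the file is missing; a change to apps/progs.pl or to the list of apps sources will not regenerate it. Listing `$(SRCDIR)/apps/progs.pl` and the sources already collected into `@openssl_source` as prerequisites would make `generate_apps` honest. The `$(RM) $@` before the redirect is also redundant, since `>` truncates.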
diff --git a/apps/apps.h b/apps/apps.h
index 633b344..e7ea461 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -631,4 +631,6 @@ extern int verify_quiet;
 extern int verify_error;
 extern int verify_return_error;
 
+# include "progs.h"
+
 #endif
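Review bot: `# include "progs.h"` at the bottom of apps.h makes every file under apps/ depend on a generated header, so a stale progs.h (see the prerequisite-less rule in unix-Makefile.tmpl) silently affects all of them rather than only apps/openssl.c, which is where the program table is consumed. Since this is a revert the placement is inherited, but it is worth tightening in the follow-up.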
diff --git a/apps/build.info b/apps/build.info
index 12a1a7e..d581aad 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -1,27 +1,16 @@
-{- use File::Spec::Functions qw/catdir catfile rel2abs/;
-   our @cmd_srcs = (
-"asn1pars.c", "ca.c", "ciphers.c", "cms.c", "crl.c", "crl2p7.c",
-"dgst.c", "dhparam.c", "dsa.c", "dsaparam.c", "ec.c", "ecparam.c",
-"enc.c", "engine.c", "errstr.c", "gendsa.c", "genpkey.c", "genrsa.c",
-"nseq.c", "ocsp.c", "passwd.c", "pkcs12.c", "pkcs7.c", "pkcs8.c",
-"pkey.c", "pkeyparam.c", "pkeyutl.c", "prime.c", "rand.c", "req.c",
-"rsa.c", "rsautl.c", "s_client.c", "s_server.c", "s_time.c",
-"sess_id.c", "smime.c", "speed.c", "spkac.c", "srp.c", "ts.c",
-"verify.c", "version.c"

[openssl-commits] [openssl] master update

2016-03-19 Thread Viktor Dukhovni
The branch master has been updated
   via  b5f40eb279e37c86d0634db5ffcc37517ea97694 (commit)
  from  748f254657ab900c0de5e9e1843150c2df4c4bea (commit)


- Log -
commit b5f40eb279e37c86d0634db5ffcc37517ea97694
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Mar 16 23:58:58 2016 -0400

Bugfix: Encode the requested length in s_cb.c:hexencode()

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/s_cb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 047f2ce..66b2a50 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1106,7 +1106,7 @@ static char *hexencode(const unsigned char *data, size_t 
len)
 }
 cp = out = app_malloc(ilen, "TLSA hex data buffer");
 
-while (ilen-- > 0) {
+while (len-- > 0) {
 *cp++ = hex[(*data >> 4) & 0x0f];
 *cp++ = hex[*data++ & 0x0f];
 }
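Review bot: the old loop iterated `ilen` times and wrote two output bytes per iteration into an allocation of `ilen` bytes, so for any non-empty input it overflowed the heap buffer and read past the end of `data`; this is a memory-safety fix, not a cosmetic one, and the commit message should say so. The fix is complete only if the lines above the hunk compute `ilen` as `2 * len + 1` and the lines below NUL-terminate at `*cp`; both sit outside the visible context and deserve a glance.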


[openssl-commits] [openssl] master update

2016-03-09 Thread Viktor Dukhovni
The branch master has been updated
   via  dd60efea955e41a6f0926f93ec1503c6f83c4e58 (commit)
  from  29f082603a14bd8d6816a71a17f7c76adca7817d (commit)


- Log -
commit dd60efea955e41a6f0926f93ec1503c6f83c4e58
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Mar 8 15:20:02 2016 -0500

Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/x509v3/v3_utl.c | 6 ++
 doc/crypto/X509_check_host.pod | 8 
 include/openssl/x509v3.h   | 2 ++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 66b5711..a220b27 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -978,14 +978,12 @@ static int do_x509_check(X509 *x, const char *chk, size_t 
chklen,
 GENERAL_NAMES_free(gens);
 if (rv != 0)
 return rv;
-if (cnid == NID_undef
-|| (san_present
-&& !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
+if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
 return 0;
 }
 
 /* We're done if CN-ID is not pertinent */
-if (cnid == NID_undef)
+if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
 return 0;
 
 i = -1;
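Review bot: after this change both X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT and X509_CHECK_FLAG_NEVER_CHECK_SUBJECT can be set on one call and the code resolves it silently: the first `if` returns 0 only when a SAN is present and ALWAYS is clear, and the second `if` then returns 0 whenever NEVER is set, so NEVER wins. That precedence should be documented, or the combination rejected up front. The `cnid == NID_undef` test removed from the first condition is not lost, since the second `if` still returns 0 for it after the SAN loop.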
diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod
index 23447f4..d35ade8 100644
--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
@@ -70,6 +70,8 @@ flags:
 
 =item B,
 
+=item B,
+
 =item B,
 
 =item B,
@@ -86,6 +88,12 @@ one subject alternative name of the right type (DNS name or 
email
 address as appropriate); the default is to ignore the subject DN
 when at least one corresponding subject alternative names is present.
 
+The B flag causes the function to never
+consider the subject DN even if the certificate contains no subject alternative
+names of the right type (DNS name or email address as appropriate); the default
+is to use the subject DN when no corresponding subject alternative names are
+present.
+
 If set, B disables wildcard
 expansion; this only applies to B.
 
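Review bot: the new paragraph describes the NEVER flag in isolation; one sentence on what happens when it is combined with X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT would close the gap (the code gives NEVER precedence). The context line "when at least one corresponding subject alternative names is present" also has a number-agreement slip (name/names) that could be fixed while this paragraph is being touched.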
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index fa21208..b0f1545 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -737,6 +737,8 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
 /* Constraint verifier subdomain patterns to match a single labels. */
 # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT0x20
 /*
  * Match reference identifiers starting with "." to any sub-domain.
  * This is a non-public flag, turned on implicitly when the subject
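Review bot: the new flag takes bit 0x20; the comment immediately below mentions a non-public flag that is set implicitly and whose value is outside this hunk, so confirm it does not also occupy 0x20 or another bit that callers may pass through unmasked. The one-line comment "Never check the subject CN" would also match the manpage better if it said the flag suppresses the CN fallback even when no SAN of the right type exists.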


[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-03-08 Thread Viktor Dukhovni
The branch OpenSSL_1_0_1-stable has been updated
   via  5bac9d44e712bc4acfbdd156244fca4486285ec9 (commit)
  from  a15971944091fa01d959566b17ce86225346c83c (commit)


- Log -
commit 5bac9d44e712bc4acfbdd156244fca4486285ec9
Author: Viktor Dukhovni <vik...@twosigma.com>
Date:   Mon Mar 7 21:10:38 2016 +

Retain SSLv2 methods as functions that return NULL

This improves ABI compatibility when symbol resolution is not lazy.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 ssl/s2_meth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index b312f17..d46e2f5 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method,
  ssl2_accept, ssl2_connect, ssl2_get_method)
 #else   /* !OPENSSL_NO_SSL2 */
 
-# if PEDANTIC
-static void *dummy = 
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }
 
 #endif
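Review bot: the three stubs are defined as returning `SSL_METHOD *`, while the public declarations of SSLv2_method(), SSLv2_client_method() and SSLv2_server_method() return `const SSL_METHOD *` and are only declared when SSLv2 is compiled in, so under OPENSSL_NO_SSL2 these definitions have no prototype in scope and differ from the declared ABI type. Declaring them `const SSL_METHOD *` (and providing a prototype in the no-SSL2 branch) keeps the signature identical and -Wmissing-prototypes quiet. Behaviourally the NULL return is right: SSL_CTX_new() rejects a NULL method with SSL_R_NULL_SSL_METHOD_PASSED, which is a cleaner failure than an unresolved symbol at load time.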


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-03-08 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  133138569f37d149ed1d7641fe8c75a93fded445 (commit)
  from  29cce508972f61511318bf8cf7011fae027cddb2 (commit)


- Log -
commit 133138569f37d149ed1d7641fe8c75a93fded445
Author: Viktor Dukhovni <vik...@twosigma.com>
Date:   Mon Mar 7 21:10:38 2016 +

Retain SSLv2 methods as functions that return NULL

This improves ABI compatibility when symbol resolution is not lazy.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 ssl/s2_meth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index b312f17..d46e2f5 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method,
  ssl2_accept, ssl2_connect, ssl2_get_method)
 #else   /* !OPENSSL_NO_SSL2 */
 
-# if PEDANTIC
-static void *dummy = 
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }
 
 #endif
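Review bot: same hunk as on OpenSSL_1_0_1-stable, same point: the stubs drop the `const` from the return type that the public SSLv2_*method() declarations carry and have no prototype in scope under OPENSSL_NO_SSL2; make them `const SSL_METHOD *` with a prototype so the no-SSL2 symbol matches the declared ABI type exactly.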


[openssl-commits] [openssl] master update

2016-03-07 Thread Viktor Dukhovni
The branch master has been updated
   via  ebc4815fa56b64d711ada36899a35182a99cbbdb (commit)
  from  e1d9f1ab39eeab0c3c2b9415e08c05858f77 (commit)


- Log -
commit ebc4815fa56b64d711ada36899a35182a99cbbdb
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Mar 6 20:01:20 2016 -0500

Don't free NCONF obtained values

Bug reported by Michel Sales.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/req.c | 24 +++-
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 693acc2..b128fa8 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -198,7 +198,9 @@ int req_main(int argc, char **argv)
 char *extensions = NULL, *infile = NULL;
 char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
 char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
-char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
+char *passin = NULL, *passout = NULL;
+char *nofree_passin = NULL, *nofree_passout = NULL;
+char *req_exts = NULL, *subj = NULL;
 char *template = default_config_file, *keyout = NULL;
 const char *keyalg = NULL;
 OPTION_CHOICE o;
@@ -436,15 +438,17 @@ int req_main(int argc, char **argv)
 }
 }
 
-if (!passin) {
-passin = NCONF_get_string(req_conf, SECTION, "input_password");
-if (!passin)
+if (passin == NULL) {
+passin = nofree_passin =
+NCONF_get_string(req_conf, SECTION, "input_password");
+if (passin == NULL)
 ERR_clear_error();
 }
 
-if (!passout) {
-passout = NCONF_get_string(req_conf, SECTION, "output_password");
-if (!passout)
+if (passout == NULL) {
+passout = nofree_passout =
+NCONF_get_string(req_conf, SECTION, "output_password");
+if (passout == NULL)
 ERR_clear_error();
 }
 
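Review bot: `nofree_passin`/`nofree_passout` record pointers that alias storage owned by `req_conf`, so `passin`/`passout` must not be used after NCONF_free(req_conf), which is outside this hunk; the cleanup order at the end of req_main is worth checking. A shape that avoids the pointer-identity comparison later is to keep the config value in a separate `const char *` and pick it at the point of use, or to carry an explicit "allocated" flag next to each password.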
@@ -862,8 +866,10 @@ int req_main(int argc, char **argv)
 X509_REQ_free(req);
 X509_free(x509ss);
 ASN1_INTEGER_free(serial);
-OPENSSL_free(passin);
-OPENSSL_free(passout);
+if (passin != nofree_passin)
+OPENSSL_free(passin);
+if (passout != nofree_passout)
+OPENSSL_free(passout);
 OBJ_cleanup();
 return (ret);
 }
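Review bot: `if (passin != nofree_passin) OPENSSL_free(passin);` covers all three states (both NULL, both the config pointer, or passin allocated by the -passin handling) but reads as a trick; a comment such as `/* values from the config are owned by req_conf */` above the two frees would stop the next reader from re-deriving it.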


[openssl-commits] [openssl] master update

2016-03-03 Thread Viktor Dukhovni
The branch master has been updated
   via  f04abe7d500eeebc078a0ffb0e82997d5f62b2df (commit)
  from  c8cca980dc9a3d38eed6356219b84fcb5e257e0a (commit)


- Log -
commit f04abe7d500eeebc078a0ffb0e82997d5f62b2df
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Mar 3 23:30:42 2016 -0500

Improved HKDF and TLS1-PRF documentation

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 doc/apps/pkeyutl.pod | 13 -
 doc/crypto/EVP_PKEY_HKDF.pod | 26 +-
 doc/crypto/EVP_PKEY_TLS1_PRF.pod | 13 -
 3 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod
index 0426009..1c8e83f 100644
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
@@ -123,12 +123,15 @@ derive a shared secret using the peer key.
 
 =item B<-kdf algorithm>
 
-Use key derivation function B. Note: additional paramers
-will normally have to be set and the KDF output length for this to work.
+Use key derivation function B.  The supported algorithms are
+at present B and B.
+Note: additional paramers and the KDF output length will normally have to be
+set for this to work.  See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
+for the supported string parameters of each algorithm.
 
 =item B<-kdflen length>
 
-Set the ouput length for KDF.
+Set the output length for KDF.
 
 =item B<-pkeyopt opt:value>
 
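Review bot: the added line carries over the "paramers" misspelling from the line it replaces ("additional paramers and the KDF output length"); since the sentence is being rewritten anyway, "parameters" should go in now.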
@@ -155,7 +158,6 @@ for all available algorithms.
 When used with the B<-engine> option, it specifies to also use
 engine B for crypto operations.
 
-
 =back
 
 =head1 NOTES
@@ -269,4 +271,5 @@ seed consisting of the single byte 0xFF.
 =head1 SEE ALSO
 
 L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
-L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
+L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
+L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod
index d44e130..00c0a76 100644
--- a/doc/crypto/EVP_PKEY_HKDF.pod
+++ b/doc/crypto/EVP_PKEY_HKDF.pod
@@ -23,7 +23,7 @@ HMAC-based Extract-and-Expand key derivation algorithm
 
 =head1 DESCRIPTION
 
-The EVP_PKEY_HKDF alogorithm implements the HKDF key derivation function.
+The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
 HKDF follows the "extract-then-expand" paradigm, where the KDF logically
 consists of two modules. The first stage takes the input keying material
 and "extracts" from it a fixed-length pseudorandom key K. The second stage
@@ -42,6 +42,17 @@ EVP_PKEY_CTX_add1_hkdf_info() sets the info value to 
B bytes of the
 buffer B. If a value is already set, it is appended to the existing
 value.
 
+=head1 STRING CTRLS
+
+HKDF also supports string based control operations via
+L<EVP_PKEY_CTX_ctrl_str(3)>.
+The B parameter "md" uses the supplied B as the name of the digest
+algorithm to use.
+The B parameters "salt", "key" and "info" use the supplied B
+parameter as a B, B or B value.
+The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
+string which is converted to binary.
+
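Review bot: the new STRING CTRLS section says what "salt", "key" and "info" take but not what "info" does when given more than once; since EVP_PKEY_CTX_add1_hkdf_info() is documented above as appending, state whether the string ctrl appends too. The TLS1-PRF page makes this explicit for "seed" ("If a seed is already set it is appended"), so the two pages should read the same way.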
 =head1 NOTES
 
 All these functions are implemented as macros.
@@ -56,9 +67,13 @@ an error occurs.
 The total length of the info buffer cannot exceed 1024 bytes in length: this
 should be more than enough for any normal use of HKDF.
 
-The output length of the KDF is specified by the length parameter in the
-EVP_PKEY_derive() function. Since the output length is variable, setting
-the buffer to B is not meaningful for HKDF.
+The output length of the KDF is specified via the length parameter to the
+L<EVP_PKEY_derive(3)> function.
+Since the HKDF output length is variable, passing a B buffer as a means
+to obtain the requisite length is not meaningful with HKDF.
+Instead, the caller must allocate a buffer of the desired length, and pass that
+buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
+desired length.
 
 Optimised versions of HKDF can be implemented in an ENGINE.
 
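Review bot: the rewritten NOTES correctly put the output length in the caller's hands but never say what range is valid; RFC 5869 caps the expand output at 255 * HashLen bytes, so a request beyond that should be documented as failing, and the RETURN VALUES text ("an error occurs") should mention it if the implementation enforces the limit.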
@@ -98,6 +113,7 @@ RFC 5869
 =head1 SEE ALSO
 
 L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_derive(3)>,
+L<EVP_PKEY_CTX_ctrl_str(3)>,
+L<EVP_PKEY_derive(3)>
 
 =cut
diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
index e2a695d..e2264fc 100644
--- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
+++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
@@ -36,10 +36,13 @@ If a seed is already set it is appended to the existing 
value.
 =head1 STRING CTRLS
 
 The TLS PRF also supports string based control operations using
-EVP_PKEY_CTX_ctrl_str(). The B parameters "secret" and "seed" use
-the supplied B para

[openssl-commits] [openssl] master update

2016-02-20 Thread Viktor Dukhovni
The branch master has been updated
   via  dca97e9bfdfbb62b9a4f664ee901a826bc338ad7 (commit)
  from  834aae2a99eeab7be8da4b8370188bc56f862e96 (commit)


- Log -
commit dca97e9bfdfbb62b9a4f664ee901a826bc338ad7
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Feb 20 18:17:28 2016 -0500

Work-around for proxy->s_server retry logic

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 util/TLSProxy/Proxy.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index 7d21f4e..96e3681 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -269,7 +269,9 @@ sub clientstart
 );
 
 $retry--;
-if (!$server_sock) {
+if ($@ || !defined($server_sock)) {
+$server_sock->close() if defined($server_sock);
+undef $server_sock;
 if ($retry) {
 #Sleep for a short while
 select(undef, undef, undef, 0.1);
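Review bot: `$@` is a global that keeps the last eval's error, so unless the `eval` wrapping the constructor call above clears it first, a stale error from an earlier eval in the same process would force a spurious retry here. Localising it (`local $@;`) around that eval, or testing `defined($server_sock)` alone and reading `$@` only for the diagnostic, makes the retry condition exact.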


[openssl-commits] [openssl] master update

2016-02-14 Thread Viktor Dukhovni
The branch master has been updated
   via  31305cdf9f5648a18c5a12854b08df7c9e4069fc (commit)
  from  6762a14779e262d181fd9e076919253201eec09e (commit)


- Log -
commit 31305cdf9f5648a18c5a12854b08df7c9e4069fc
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Feb 14 15:25:54 2016 -0500

Fixes to make no-deprecated work again

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 crypto/conf/conf_sap.c  |  2 ++
 crypto/engine/eng_all.c | 32 +++-
 crypto/init.c   |  1 +
 3 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 45c08e6..2021a02 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -75,6 +75,7 @@
 
 static int openssl_configured = 0;
 
+#if OPENSSL_API_COMPAT < 0x1010L
 void OPENSSL_config(const char *config_name)
 {
 OPENSSL_INIT_SETTINGS settings;
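Review bot: the guard compares OPENSSL_API_COMPAT against `0x1010L`, whereas the version encoding used by OPENSSL_VERSION_NUMBER and the deprecation guards in the public headers is of the form 0x10100000L; if OPENSSL_API_COMPAT follows that encoding, the comparison is against a value smaller than any real version and OPENSSL_config() is either always or never compiled, depending only on the macro's default. Confirm which encoding the macro uses before this lands.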
@@ -83,6 +84,7 @@ void OPENSSL_config(const char *config_name)
 settings.config_name = strdup(config_name);
 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, );
 }
+#endif
 
 void openssl_config_internal(const char *config_name)
 {
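Review bot: `settings.config_name = strdup(config_name)` is now reachable only in compat builds, but the visible lines still show no handling of a NULL `config_name` (unless it sits in the two lines elided between the hunks), and OPENSSL_config(NULL) is the common historical call; strdup(NULL) is undefined behaviour. A `config_name != NULL ? strdup(config_name) : NULL` keeps the compat entry point safe, and whoever consumes `settings` should own freeing the copy.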
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index 6dceed6..6df6ef1 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -63,34 +63,8 @@ void ENGINE_load_builtin_engines(void)
 {
 /* Some ENGINEs need this */
 OPENSSL_cpuid_setup();
-#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) 
|| defined(HAVE_CRYPTODEV))
-# ifdef ENGINE_load_cryptodev
-ENGINE_load_cryptodev();
-# endif
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# ifdef ENGINE_load_rdrand
-ENGINE_load_rdrand();
-# endif
-#endif
-# ifdef ENGINE_load_dynamic
-ENGINE_load_dynamic();
-# endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# ifndef OPENSSL_NO_HW
-#  ifndef OPENSSL_NO_HW_PADLOCK
-#   ifdef ENGINE_load_padlock
-ENGINE_load_padlock();
-#   endif
-#  endif
-# endif
-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-#  ifdef ENGINE_load_capi
-ENGINE_load_capi();
-#  endif
-# endif
-#endif
-ENGINE_register_all_complete();
+
+OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 
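Review bot: the removed block ended with ENGINE_register_all_complete(), and the replacement relies on OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL) performing the equivalent registration; if that flag only loads the engines, existing callers of ENGINE_load_builtin_engines() lose the registration they used to get. The return value of OPENSSL_init_crypto() is also ignored here and in the cryptodev hunk below, so an init failure is silent, and the cryptodev path still calls ENGINE_register_all_complete() explicitly while this one does not; the two should agree one way or the other.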
 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
@@ -98,7 +72,7 @@ void ENGINE_setup_bsd_cryptodev(void)
 {
 static int bsd_cryptodev_default_loaded = 0;
 if (!bsd_cryptodev_default_loaded) {
-ENGINE_load_cryptodev();
+OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL);
 ENGINE_register_all_complete();
 }
 bsd_cryptodev_default_loaded = 1;
diff --git a/crypto/init.c b/crypto/init.c
index e58b119..25e3dc7 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -57,6 +57,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 


[openssl-commits] [openssl] master update

2016-02-12 Thread Viktor Dukhovni
The branch master has been updated
   via  ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e (commit)
  from  e314c340736830a6fc0260cf72cc51ea0c227e9d (commit)


- Log -
commit ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Feb 13 02:53:13 2016 -0500

Fix some issues near recent chomp changes.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 apps/CA.pl.in  | 6 +++---
 crypto/perlasm/x86_64-xlate.pl | 2 +-
 util/files.pl  | 6 +++---
 util/mk1mf.pl  | 4 +++-
 util/mkfiles.pl| 4 ++--
 5 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index fbba457..f5e8e4a 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -120,9 +120,9 @@ if ($WHAT eq '-newcert' ) {
 close OUT;
 # ask user for existing CA certificate
 print "CA certificate filename (or enter to create)\n";
-$FILE = ;
-$FILE = s|\R$|| if $FILE;
-if ($FILE) {
+$FILE = "" unless defined($FILE = );
+$FILE =~ s{\R$}{};
+if ($FILE ne "") {
 copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
 copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
 } else {
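Review bot: the real defect fixed here is the removed `$FILE = s|\R$|| if $FILE;`, which used `=` rather than `=~` and so assigned the result of a substitution on `$_` to `$FILE` instead of trimming it, discarding the filename the user typed; the commit message ("Fix some issues near recent chomp changes") does not record that, and it should. The `if ($FILE ne "")` test is the right replacement for the old truthiness check, which would have rejected a file literally named "0".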
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index a0b3bc0..0a023fb 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -850,7 +850,7 @@ ___
 OPTION DOTNAME
 ___
 }
-while($line=<>) {
+while(defined($line=<>)) {
 
 $line =~ s|\R$||;   # Better chomp
 
diff --git a/util/files.pl b/util/files.pl
index d984196..32e7125 100755
--- a/util/files.pl
+++ b/util/files.pl
@@ -25,8 +25,8 @@ while (<>)
{
$b=$`; # Keep what is before the backslash
$o.=$b." ";
-   $b=<>;
-   $b =~ s|\R$||; # Better chomp
+   $b = "" unless defined($b = <>);
+   $b =~ s{\R$}{};
}
else
{
@@ -43,7 +43,7 @@ while (<>)
}
}
 
-$pwd=`pwd`; $pwd =~ s|\R$||;
+($pwd=`pwd`) =~ s{\R$}{};
 
 if ($sym{'TOP'} eq ".")
{
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 3a9f0d7..f29e50b 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -553,8 +553,10 @@ if ($fips)
{
open (IN, "util/fipslib_path.txt") || fipslib_error();
$fipslibdir = ;
-   $fipslibdir =~ s|\R$||;
close IN;
+   $fipslibdir = "" unless defined($fipslibdir);
+   $fipslibdir =~ s{\R$}{};
+   fipslib_error() if ($fipslibdir eq "");
}
fips_check_files($fipslibdir,
"fipscanister.lib", "fipscanister.lib.sha1",
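Review bot: `fipslib_error()` now fires when the first line of util/fipslib_path.txt is missing or empty, which the old code never checked; one gap remains, since a line of only whitespace passes the `eq ""` test and then fails later in fips_check_files with a less specific message. Trimming leading and trailing whitespace before the check (`s/^\s+|\s+$//g`) makes the error land here.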
diff --git a/util/mkfiles.pl b/util/mkfiles.pl
index 4fbe29a..55dfbc6 100755
--- a/util/mkfiles.pl
+++ b/util/mkfiles.pl
@@ -107,8 +107,8 @@ while ()
{
$b=$`;
$o.=$b." ";
-   $b=;
-   $b =~ s|\R$||;
+   $b = "" unless defined($b = );
+   $b =~ s{\R$}{};
}
else
{


[openssl-commits] [openssl] master update

2016-02-12 Thread Viktor Dukhovni
The branch master has been updated
   via  82049c543cb71619bc23b4e2313f3f3eb405660a (commit)
  from  7687f5255011a5a3ca75e8c5427683d58ae411c0 (commit)


- Log -
commit 82049c543cb71619bc23b4e2313f3f3eb405660a
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Feb 12 16:36:06 2016 -0500

Move brace outside #ifdef

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 ssl/statem/statem_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6d4a536..8effb0f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -623,8 +623,8 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pk)
 return SSL_PKEY_GOST12_256;
 case NID_id_GostR3410_2012_512:
 return SSL_PKEY_GOST12_512;
-}
 #endif
+}
 }
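Review bot: moving the brace past `#endif` restores the switch's closing brace in OPENSSL_NO_GOST builds, which the previous rewrite of ssl_cert_type() had left inside the `#ifndef OPENSSL_NO_GOST` block; that is the whole fix and the message would be more searchable as "fix unbalanced brace with no-gost". Every path out of the switch returns (default gives -1), so no trailing return is required, but some compilers still warn that control reaches the end of a non-void function here, and a final `return -1;` after the switch is cheap insurance.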
 
 int ssl_verify_alarm_type(long type)


[openssl-commits] [openssl] master update

2016-02-11 Thread Viktor Dukhovni
The branch master has been updated
   via  17a723885e8a875fc19d5140f580f80a113ba78f (commit)
  from  27f172d9a3f3ec9901439b4823c95788598fa367 (commit)


- Log -
commit 17a723885e8a875fc19d5140f580f80a113ba78f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Feb 10 23:53:54 2016 -0500

Simplify ssl_cert_type() by taking advantage of X509_get0_pubkey

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 ssl/statem/statem_lib.c | 51 +++--
 1 file changed, 20 insertions(+), 31 deletions(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 49b5e48..6d4a536 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -599,43 +599,32 @@ int tls_get_message_body(SSL *s, unsigned long *len)
 return 1;
 }
 
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+int ssl_cert_type(X509 *x, EVP_PKEY *pk)
 {
-EVP_PKEY *pk;
-int ret = -1, i;
-
-if (pkey == NULL)
-pk = X509_get_pubkey(x);
-else
-pk = pkey;
-if (pk == NULL)
-goto err;
-
-i = EVP_PKEY_id(pk);
-if (i == EVP_PKEY_RSA) {
-ret = SSL_PKEY_RSA_ENC;
-} else if (i == EVP_PKEY_DSA) {
-ret = SSL_PKEY_DSA_SIGN;
-}
+if (pk == NULL &&
+(pk = X509_get0_pubkey(x)) == NULL)
+return -1;
+
+switch (EVP_PKEY_id(pk)) {
+default:
+return -1;
+case EVP_PKEY_RSA:
+return SSL_PKEY_RSA_ENC;
+case EVP_PKEY_DSA:
+return SSL_PKEY_DSA_SIGN;
 #ifndef OPENSSL_NO_EC
-else if (i == EVP_PKEY_EC) {
-ret = SSL_PKEY_ECC;
-}
+case EVP_PKEY_EC:
+return SSL_PKEY_ECC;
 #endif
 #ifndef OPENSSL_NO_GOST
-else if (i == NID_id_GostR3410_2001) {
-ret = SSL_PKEY_GOST01;
-} else if (i == NID_id_GostR3410_2012_256) {
-ret = SSL_PKEY_GOST12_256;
-} else if (i == NID_id_GostR3410_2012_512) {
-ret = SSL_PKEY_GOST12_512;
+case NID_id_GostR3410_2001:
+return SSL_PKEY_GOST01;
+case NID_id_GostR3410_2012_256:
+return SSL_PKEY_GOST12_256;
+case NID_id_GostR3410_2012_512:
+return SSL_PKEY_GOST12_512;
 }
 #endif
-
- err:
-if (!pkey)
-EVP_PKEY_free(pk);
-return (ret);
 }
 
 int ssl_verify_alarm_type(long type)
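Review bot: the closing brace of the `switch` sits inside `#ifndef OPENSSL_NO_GOST` (the `}` immediately before `#endif`), so a no-gost build loses it and fails to compile; it needs to follow the `#endif`. The rest of the rewrite is sound: X509_get0_pubkey() returns a reference borrowed from `x`, so the old conditional EVP_PKEY_free() is correctly gone rather than moved, and a short comment saying `pk` is borrowed would stop someone re-adding it.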


[openssl-commits] [openssl] master update

2016-02-11 Thread Viktor Dukhovni
The branch master has been updated
   via  ce023e77d7b208016276157fa14a6e2636649e85 (commit)
  from  24f0b10462792c202a0fe1952974fcace1e2c563 (commit)


- Log -
commit ce023e77d7b208016276157fa14a6e2636649e85
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Feb 11 13:44:53 2016 -0500

Fix MacOS/X build warnings

Commit 7823d792d0cad3b44ad5389a8d3381becefe7f44 added DEFINE_LHASH_OF
to a C source file.  DEFINE_LHASH_OF() and DEFINE_STACK_OF() must
be used only in header files to avoid clang warnings for unused
static-inline functions.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 ssl/ssl_cert.c | 2 --
 ssl/ssl_locl.h | 3 ++-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index cc82fff..faa7a95 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -647,8 +647,6 @@ static unsigned long xname_hash(const X509_NAME *a)
 return X509_NAME_hash((X509_NAME *)a);
 }
 
-DEFINE_LHASH_OF(X509_NAME);
-
 /**
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d7a7d01..7fdb263 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -685,7 +685,8 @@ struct ssl_comp_st {
 };
 
 DEFINE_LHASH_OF(SSL_SESSION);
-
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
 
 struct ssl_ctx_st {
 const SSL_METHOD *method;
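Review bot: DEFINE_LHASH_OF(X509_NAME) now expands in every translation unit that includes ssl_locl.h, so check that none of the headers it pulls in already expands the same macro for X509_NAME, since a second expansion in one unit would redefine the inline helpers. The comment "Needed in ssl_cert.c" would also be more useful if it named the use, i.e. the X509_NAME hash/compare callbacks such as xname_hash() in ssl_cert.c.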


[openssl-commits] [openssl] master update

2016-02-10 Thread Viktor Dukhovni
The branch master has been updated
   via  5e136d7abf0945664fa40c7a032abed13fd15c81 (commit)
   via  d33def662443c4b534c6b261a3b01f3960339c78 (commit)
  from  056be06b4dfd7eaf7914febd043e9b446e1ed772 (commit)


- Log -
commit 5e136d7abf0945664fa40c7a032abed13fd15c81
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Feb 9 14:18:15 2016 -0500

Improve recent option help string additions

Make these more correct, concise and less tautological.

Reviewed-by: Stephen Henson <st...@openssl.org>

commit d33def662443c4b534c6b261a3b01f3960339c78
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Feb 9 14:17:13 2016 -0500

Deprecate the -issuer_checks debugging option

This was a developer debugging feature and was never a useful public
interface.

Added all missing X509 error codes to the verify(1) manpage, but
many still need a description beyond the associated text string.

Sorted the errors in x509_txt.c by error number.

Reviewed-by: Stephen Henson <st...@openssl.org>

---

Summary of changes:
 apps/apps.h|  60 +-
 apps/opt.c |   2 +-
 crypto/x509/x509_txt.c |  27 +++--
 crypto/x509/x509_vfy.c |  11 +-
 doc/apps/cms.pod   |  11 +-
 doc/apps/ocsp.pod  |  11 +-
 doc/apps/s_client.pod  |  11 +-
 doc/apps/s_server.pod  |  14 +--
 doc/apps/smime.pod |  11 +-
 doc/apps/verify.pod| 171 +
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod |   8 +-
 include/openssl/x509_vfy.h |  14 +--
 12 files changed, 228 insertions(+), 123 deletions(-)

diff --git a/apps/apps.h b/apps/apps.h
index 3c132e7..8ac7c03 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -194,47 +194,49 @@ void wait_for_async(SSL *s);
 # define OPT_V_OPTIONS \
 { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy 
set"}, \
 { "purpose", OPT_V_PURPOSE, 's', \
-"Set the acceptable purpose of the certificate chain"}, \
-{ "verify_name", OPT_V_VERIFY_NAME, 's', "verify name"}, \
+"certificate chain purpose"}, \
+{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
 { "verify_depth", OPT_V_VERIFY_DEPTH, 'p', \
-"Limit the maximum depth of the certificate chain"}, \
-{ "attime", OPT_V_ATTIME, 'M', "Set the verification time" }, \
+"chain depth limit"}, \
+{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
 { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
-"check peer certificate matches \"host\"" }, \
+"expected peer hostname" }, \
 { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
-"check peer certificate matches \"email\"" }, \
+"expected peer email" }, \
 { "verify_ip", OPT_V_VERIFY_IP, 's', \
-"check peer certificate matches \"ipaddr\"" }, \
+"expected peer IP address" }, \
 { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
-"Disable critical extension checking"}, \
-{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', \
-"Enable debugging of certificate issuer checks"}, \
-{ "crl_check", OPT_V_CRL_CHECK, '-', "Check that peer cert has not 
been revoked" }, \
-{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "Also check all certs in 
the chain" }, \
-{ "policy_check", OPT_V_POLICY_CHECK, '-', "Enable certificate policy 
checking"}, \
-{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', "Set the \"require 
explicit policy\""}, \
-{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', "Set the \"inhibit any 
policy\"\""}, \
-{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', "Set the \"inhibit policy 
mapping\"" }, \
+"permit unhandled critical extensions"}, \
+{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
+{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate 
revocation" }, \
+{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain
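Review bot: the new `-attime` help text "verification epoch time" leaves the unit unstated; the old text was no better, but since the line is being rewritten anyway, "verification time (seconds since the epoch)" would tell the user what to pass. The `-issuer_checks` help, now just "(deprecated)", should likewise say what happens when the option is still given, for example "(deprecated, ignored)", if that is the behaviour.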

[openssl-commits] [openssl] master update

2016-02-08 Thread Viktor Dukhovni
The branch master has been updated
   via  c0a445a9f279d8c4a519b58e52a50112f2341070 (commit)
  from  2d9a9d8aac9c365cd36c072b72cba2525e63c454 (commit)


- Log -
commit c0a445a9f279d8c4a519b58e52a50112f2341070
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Feb 7 19:07:57 2016 -0500

Suppress DANE TLSA reflection when verification fails

As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails.  However, this only happened when verification
failed during chain construction.  Errors in verification of the
constructed chain did not have the intended effect on these functions.

This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails.  Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fails.  They must of course first check
and save the real error, and restore the original error as quickly
as possible.  Hiding by default seems to be the safer interface.

Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records.  Previously reported via X509_V_ERR_CERT_UNTRUSTED.

This also changes the "-brief" output from s_client to include
verification results and TLSA match information.

Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).

Added a few more test-cases to danetest, that exercise the new
code.

Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().

Fixed long-standing issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain too long", code elsewhere (e.g.
s_time.c), seems to expect the actual error.  [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/s_apps.h   |   1 +
 apps/s_cb.c |  78 +-
 apps/s_client.c |  16 +---
 crypto/x509/x509_txt.c  |  10 ++-
 crypto/x509/x509_vfy.c  |   8 +-
 doc/apps/s_client.pod   |   9 +-
 doc/ssl/SSL_CTX_dane_enable.pod |  30 ++-
 include/openssl/x509_vfy.h  |   2 +
 ssl/ssl_lib.c   |   4 +-
 test/certs/mkcert.sh|   2 +-
 test/danetest.c |   8 ++
 test/danetest.in| 178 
 12 files changed, 294 insertions(+), 52 deletions(-)

diff --git a/apps/s_apps.h b/apps/s_apps.h
index e9b6f40..8e12c21 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -192,6 +192,7 @@ void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
 void ssl_excert_free(SSL_EXCERT *exc);
 int args_excert(int option, SSL_EXCERT **pexc);
 int load_excert(SSL_EXCERT **pexc);
+void print_verify_detail(SSL *s, BIO *bio);
 void print_ssl_summary(SSL *s);
 #ifdef HEADER_SSL_H
 int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 096471a8..30c9147 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -167,7 +167,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
 if (verify_depth >= depth) {
 if (!verify_return_error)
 ok = 1;
-verify_error = X509_V_OK;
+verify_error = err;
 } else {
 ok = 0;
 verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
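Review bot: `verify_error = err;` records whichever error the callback saw last, so when more than one certificate in the chain fails (or one certificate fails for several reasons) the error that later code reports is the final one, not the first. If the first error is the more useful one to surface, guard the assignment with `if (verify_error == X509_V_OK)`; otherwise a short comment saying that the last error wins would document the choice.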
@@ -1086,6 +1086,80 @@ static void print_raw_cipherlist(SSL *s)
 BIO_puts(bio_err, "\n");
 }
 
+/*
+ * Hex encoder for TLSA RRdata, not ':' delimited.
+ */
+static char *hexencode(const unsigned char *data, size_t len)
+{
+static const char *hex = "0123456789abcdef";
+char *out;
+char *cp;
+size_t outlen = 2 * len + 1;
+int ilen = (int) outlen;
+
+if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
+BIO_printf(bio_err, "%s: %" PRIu64 "-byte buffer too large to 
hexencode\n",
+   opt_getprog(), (uint64_t)len);
+exit(1);
+}
+cp = out = app_malloc(ilen, "TLSA hex data buffer");
+
+while (ilen-- > 0) {
+*cp++ = hex[(*data >> 4) & 0x0f];
+*cp++ = hex[
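Review bot: the loop bound in `while (ilen-- > 0)` is the output length (`ilen` was set from `outlen = 2 * len + 1`), yet each iteration emits two hex characters and consumes one input byte. That writes roughly twice the `ilen` bytes obtained from `app_malloc(ilen, ...)` and reads past the end of `data`. The loop should iterate over the input (`while (len-- > 0)`) and write the terminating NUL afterwards, with `ilen` used only for the allocation and the overflow check above it.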

[openssl-commits] [openssl] master update

2016-02-06 Thread Viktor Dukhovni
The branch master has been updated
   via  d1b105827aef49ae16fd2d321bafa92b1a6489c9 (commit)
  from  48cc4ad020213c83c34b225820522fe64163b522 (commit)


- Log -
commit d1b105827aef49ae16fd2d321bafa92b1a6489c9
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Feb 6 15:17:11 2016 -0500

Allocate bio_err before turning on memleak checks

Reviewed-by: Tim Hudson <t...@openssl.org>

---

Summary of changes:
 test/danetest.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/danetest.c b/test/danetest.c
index 92a3b1b..cad751f 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -471,6 +471,8 @@ int main(int argc, char *argv[])
 CAfile = argv[2];
 tlsafile = argv[3];
 
+bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
 p = getenv("OPENSSL_DEBUG_MEMORY");
 if (p != NULL && strcmp(p, "on") == 0)
 CRYPTO_set_mem_debug(1);
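Review bot: the return value of `BIO_new_fp()` is not checked before `bio_err` is used for diagnostics, so a `NULL` here turns every later error report into a NULL dereference; a check right after the assignment (returning the test's failure status) would make that explicit. Moving the allocation ahead of `CRYPTO_set_mem_debug(1)` is otherwise the right fix, since the BIO then lives outside the leak-checked region.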
@@ -483,8 +485,6 @@ int main(int argc, char *argv[])
 return 0;
 }
 
-bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
 SSL_library_init();
 SSL_load_error_strings();
 


[openssl-commits] [openssl] master update

2016-02-05 Thread Viktor Dukhovni
The branch master has been updated
   via  cc5a9ba485b988b036974cf682cda35180788446 (commit)
  from  424d5db24803d2e4e1e406eb73262dea76761da4 (commit)


- Log -
commit cc5a9ba485b988b036974cf682cda35180788446
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Feb 3 16:45:39 2016 -0500

Restore -no_comp switch for backwards compatible behaviour

Reviewed-by: Emilia Käsper <emi...@openssl.org>

---

Summary of changes:
 apps/apps.h  |  6 --
 doc/apps/s_client.pod| 15 +++
 doc/apps/s_server.pod| 15 +++
 doc/ssl/SSL_CONF_cmd.pod | 11 ++-
 ssl/ssl_conf.c   |  4 +++-
 util/TLSProxy/Proxy.pm   |  2 +-
 6 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/apps/apps.h b/apps/apps.h
index 52e57f8..15a044e 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -285,11 +285,11 @@ void wait_for_async(SSL *s);
 # define OPT_S_ENUM \
 OPT_S__FIRST=3000, \
 OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
-OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
+OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
 OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
 OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
 OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
-OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
+OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \
 OPT_S__LAST
 
 # define OPT_S_OPTIONS \
@@ -298,6 +298,7 @@ void wait_for_async(SSL *s);
 {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
 {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
 {"bugs", OPT_S_BUGS, '-' }, \
+{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression 
(default)" }, \
 {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
 {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
 {"no_ticket", OPT_S_NOTICKET, '-' }, \
@@ -327,6 +328,7 @@ void wait_for_async(SSL *s);
 case OPT_S_NOTLS1_1: \
 case OPT_S_NOTLS1_2: \
 case OPT_S_BUGS: \
+case OPT_S_NO_COMP: \
 case OPT_S_COMP: \
 case OPT_S_ECDHSINGLE: \
 case OPT_S_NOTICKET: \
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 2d5ef41..e9f3280 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -71,6 +71,8 @@ B B
 [B<-fallback_scsv>]
 [B<-async>]
 [B<-bugs>]
+[B<-comp>]
+[B<-no_comp>]
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-starttls protocol>]
@@ -326,6 +328,19 @@ is also used via the B<-engine> option. For test purposes 
the dummy async engine
 there are several known bug in SSL and TLS implementations. Adding this
 option enables various workarounds.
 
+=item B<-comp>
+
+Enables support for SSL/TLS compression.
+This option was introduced in OpenSSL 1.1.0.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
+=item B<-no_comp>
+
+Disables support for SSL/TLS compression.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
 =item B<-brief>
 
 only provide a brief summary of connection parameters instead of the
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 59d600d..b9ef5e6 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -77,6 +77,8 @@ B B
 [B<-no_tls1>]
 [B<-no_dhe>]
 [B<-bugs>]
+[B<-comp>]
+[B<-no_comp>]
 [B<-brief>]
 [B<-www>]
 [B<-WWW>]
@@ -313,6 +315,19 @@ is also used via the B<-engine> option. For test purposes 
the dummy async engine
 there are several known bug in SSL and TLS implementations. Adding this
 option enables various workarounds.
 
+=item B<-comp>
+
+Enable negotiation of TLS compression.
+This option was introduced in OpenSSL 1.1.0.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
+=item B<-no_comp>
+
+Disable negotiation of TLS compression.
+TLS compression is not recommended and is off by default as of
+OpenSSL 1.1.0.
+
 =item B<-brief>
 
 only provide a brief summary of connection parameters instead of the
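Review bot: the wording of the two new manual entries differs between pages: s_client.pod says "Enables support for SSL/TLS compression." while this hunk says "Enable negotiation of TLS compression.", and the `-no_comp` entries differ in the same way. Both describe the same switch, so one phrasing should be used in both files.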
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 6947865..b3c9df9 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -133,7 +133,16 @@ Various bug workarounds are set, same as setting 
B.
 
 =item B<-comp>
 
-Enables support for SSL/TLS compression, same as clearing 
B.
+Enables support for SSL/TLS compression, same as clearing
+B.
+This command was introduced in OpenSSL 1.1.0.
+As of OpenSSL 1.1.0, compression is off by default.
+
+=item B<-no_comp>
+

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-02-05 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  a3baa171053547488475709c7197592c66e427cf (commit)
  from  093d20a8cb74e64d627fcd03532ba6b3150f1d1f (commit)


- Log -
commit a3baa171053547488475709c7197592c66e427cf
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Feb 2 04:35:27 2016 -0500

Fix missing ok=0 with locally blacklisted CAs

Also in X509_verify_cert() avoid using "i" not only as a loop
counter, but also as a trust outcome and as an error ordinal.

Finally, make sure that all "goto end" jumps return an error, with
"end" renamed to "err" accordingly.

[ The 1.1.0 version of X509_verify_cert() is a major rewrite,
  which addresses these issues in a more systemic way. ]

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_vfy.c | 70 --
 1 file changed, 40 insertions(+), 30 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0429767..4d34dba 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -194,6 +194,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 int num, j, retry;
 int (*cb) (int xok, X509_STORE_CTX *xctx);
 STACK_OF(X509) *sktmp = NULL;
+int trust = X509_TRUST_UNTRUSTED;
+int err;
+
 if (ctx->cert == NULL) {
 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
 return -1;
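Review bot: `int err;` is declared here but none of the hunks shown assigns or reads it; if the truncated remainder of the diff does not use it either, it will draw an unused-variable warning and should be dropped. Initialising `trust` to `X509_TRUST_UNTRUSTED` at declaration is good, since the later `if (trust != X509_TRUST_TRUSTED ...)` test is then well defined on every path.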
@@ -216,7 +219,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (((ctx->chain = sk_X509_new_null()) == NULL) ||
 (!sk_X509_push(ctx->chain, ctx->cert))) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-goto end;
+ok = -1;
+goto err;
 }
 CRYPTO_add(>cert->references, 1, CRYPTO_LOCK_X509);
 ctx->last_untrusted = 1;
@@ -225,7 +229,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (ctx->untrusted != NULL
 && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-goto end;
+ok = -1;
+goto err;
 }
 
 num = sk_X509_num(ctx->chain);
@@ -249,7 +254,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
 ok = ctx->get_issuer(, ctx, x);
 if (ok < 0)
-goto end;
+goto err;
 /*
  * If successful for now free up cert so it will be picked up
  * again later.
@@ -266,7 +271,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 if (xtmp != NULL) {
 if (!sk_X509_push(ctx->chain, xtmp)) {
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-goto end;
+ok = -1;
+goto err;
 }
 CRYPTO_add(>references, 1, CRYPTO_LOCK_X509);
 (void)sk_X509_delete_ptr(sktmp, xtmp);
@@ -314,7 +320,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 bad_chain = 1;
 ok = cb(0, ctx);
 if (!ok)
-goto end;
+goto err;
 } else {
 /*
  * We have a match: replace certificate with store
@@ -347,25 +353,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 ok = ctx->get_issuer(, ctx, x);
 
 if (ok < 0)
-goto end;
+goto err;
 if (ok == 0)
 break;
 x = xtmp;
 if (!sk_X509_push(ctx->chain, x)) {
 X509_free(xtmp);
 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-ok = 0;
-goto end;
+ok = -1;
+goto err;
 }
 num++;
 }
 
 /* we now have our chain, lets check it... */
-i = check_trust(ctx);
+if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) {
+/* Callback already issued */
+ok = 0;
+goto err;
+}
 
-/* If explicitly rejected error */
-if (i == X509_TRUST_REJECTED)
-goto end;
 /*
  * If it's not explicitly trusted then check if there is an alternative
  * chain that could be used. We only do this if we haven't already
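Review bot: the `sk_X509_push()` failure path now sets `ok = -1` where it previously set `ok = 0` (the `-ok = 0;` / `+ok = -1;` pair), and the earlier malloc-failure paths in this file gain the same `ok = -1`. That changes what callers see for an allocation failure from "verification failed" to "internal error", which is the right signal but is an observable change on a stable branch and deserves a line in the commit message or CHANGES. The "Callback already issued" comment is helpful, since it explains why no `cb(0, ctx)` call precedes `goto err` there.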
@@ -373,14 +380,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  * chain checking
  */
 retry = 0;
-if (i != X509_TRUST_TRUSTED
+if (trust != X509_TRUST_TRUSTED
 && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
  

[openssl-commits] [openssl] master update

2016-02-05 Thread Viktor Dukhovni
The branch master has been updated
   via  8143aa6f3474bbe103b0bd0ea79944803597990b (commit)
  from  a9052bed9e485a614dd44c6ae8f8c0e84c3205df (commit)


- Log -
commit 8143aa6f3474bbe103b0bd0ea79944803597990b
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Feb 5 21:25:05 2016 -0500

Add missing static declarations in dtlsv1listentest.c

Clang rightly does not like extern symbols that are not declared
in any header file, as typically these are not intended for global
visibility and are exposed in error.  This was indeed the case with
various file-scope objects in dtlsv1listentest.c.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 test/dtlsv1listentest.c | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c
index 28b493e..4b616a7 100644
--- a/test/dtlsv1listentest.c
+++ b/test/dtlsv1listentest.c
@@ -65,7 +65,7 @@
 #include "e_os.h"
 
 /* Just a ClientHello without a cookie */
-const unsigned char clienthello_nocookie[] = {
+static const unsigned char clienthello_nocookie[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -91,7 +91,7 @@ const unsigned char clienthello_nocookie[] = {
 };
 
 /* First fragment of a ClientHello without a cookie */
-const unsigned char clienthello_nocookie_frag[] = {
+static const unsigned char clienthello_nocookie_frag[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -111,7 +111,7 @@ const unsigned char clienthello_nocookie_frag[] = {
 };
 
 /* First fragment of a ClientHello which is too short */
-const unsigned char clienthello_nocookie_short[] = {
+static const unsigned char clienthello_nocookie_short[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -130,7 +130,7 @@ const unsigned char clienthello_nocookie_short[] = {
 };
 
 /* Second fragment of a ClientHello */
-const unsigned char clienthello_2ndfrag[] = {
+static const unsigned char clienthello_2ndfrag[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -156,7 +156,7 @@ const unsigned char clienthello_2ndfrag[] = {
 };
 
 /* A ClientHello with a good cookie */
-const unsigned char clienthello_cookie[] = {
+static const unsigned char clienthello_cookie[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -184,7 +184,7 @@ const unsigned char clienthello_cookie[] = {
 };
 
 /* A fragmented ClientHello with a good cookie */
-const unsigned char clienthello_cookie_frag[] = {
+static const unsigned char clienthello_cookie_frag[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -207,7 +207,7 @@ const unsigned char clienthello_cookie_frag[] = {
 
 
 /* A ClientHello with a bad cookie */
-const unsigned char clienthello_badcookie[] = {
+static const unsigned char clienthello_badcookie[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -235,7 +235,7 @@ const unsigned char clienthello_badcookie[] = {
 };
 
 /* A fragmented ClientHello with the fragment boundary mid cookie */
-const unsigned char clienthello_cookie_short[] = {
+static const unsigned char clienthello_cookie_short[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -257,14 +257,14 @@ const unsigned char clienthello_cookie_short[] = {
 };
 
 /* Bad record - too short */
-const unsigned char record_short[] = {
+static const unsigned char record_short[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /* Record sequence number */
 };
 
-const unsigned char verify[] = {
+static const unsigned char verify[] = {
 0x16, /* Handshake */
 0xFE, 0xFF, /* DTLSv1.0 */
 0x00, 0x00, /* Epoch */
@@ -281,7 +281,7 @@ const unsigned char verify[] = {
 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
 };
 
-struct {
+static struct {
 const unsigned char *in;
 unsigned int inlen;
 /*


[openssl-commits] [openssl] master update

2016-02-03 Thread Viktor Dukhovni
The branch master has been updated
   via  4c35c936618ef31667784f56c7a64552f2ea9fb8 (commit)
  from  ef2499298b26fa84594c8e85fd645bc75179cfdd (commit)


- Log -
commit 4c35c936618ef31667784f56c7a64552f2ea9fb8
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Feb 3 18:32:25 2016 -0500

Handle localhost being either 127.0.0.1 or ::1

When connecting to "localhost" the Proxy's choice of client address
family may not match the server's choice of address family.  Without
MultiHomed => 1, the proxy may try the wrong address family first,
and give up without trying the other.

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 util/TLSProxy/Proxy.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index dab3d34..283c765 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -261,6 +261,7 @@ sub clientstart
 $server_sock = $IP_factory->(
 PeerAddr => $servaddr,
 PeerPort => $self->server_port,
+MultiHomed => 1,
 Proto => 'tcp'
 );
 


[openssl-commits] [openssl] master update

2016-02-02 Thread Viktor Dukhovni
The branch master has been updated
   via  0c20802c6a6008b28bfb0eac67d69f536edc60a7 (commit)
  from  43d6702de97d2d5b5b825ffea772b9f55635688c (commit)


- Log -
commit 0c20802c6a6008b28bfb0eac67d69f536edc60a7
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Feb 2 00:37:41 2016 -0500

Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling

Also fix option processing in pkeyutl to allow use of (formerly)
"out-of-order" switches that were needless implementation limitations.

Handle documented "ENGINE" form with -keyform and -peerform.

Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA.

RT2018

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/apps.c  |  43 +++--
 apps/apps.h  |   3 +-
 apps/opt.c   |  27 +
 apps/pkeyutl.c   | 105 ++-
 apps/rsautl.c|   9 ++---
 doc/apps/pkeyutl.pod |   8 ++--
 doc/apps/rsautl.pod  |   5 +++
 7 files changed, 128 insertions(+), 72 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 9b55f82..7a4608f 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -763,20 +763,22 @@ EVP_PKEY *load_key(const char *file, int format, int 
maybe_stdin,
 BIO_printf(bio_err, "no keyfile specified\n");
 goto end;
 }
-#ifndef OPENSSL_NO_ENGINE
 if (format == FORMAT_ENGINE) {
-if (!e)
+if (e == NULL)
 BIO_printf(bio_err, "no engine specified\n");
 else {
+#ifndef OPENSSL_NO_ENGINE
 pkey = ENGINE_load_private_key(e, file, ui_method, _data);
-if (!pkey) {
+if (pkey == NULL) {
 BIO_printf(bio_err, "cannot load %s from engine\n", 
key_descrip);
 ERR_print_errors(bio_err);
 }
+#else
+BIO_printf(bio_err, "engines not supported\n");
+#endif
 }
 goto end;
 }
-#endif
 if (file == NULL && maybe_stdin) {
 unbuffer(stdin);
 key = dup_bio_in(format);
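Review bot: in an `OPENSSL_NO_ENGINE` build the `e == NULL` test runs before the `#ifndef OPENSSL_NO_ENGINE` block, and since no engine can be loaded in such a build `e` is presumably always `NULL` there, so the user sees "no engine specified" rather than the new "engines not supported" message. Testing `OPENSSL_NO_ENGINE` first, or printing "engines not supported" in the `e == NULL` branch under `#ifdef OPENSSL_NO_ENGINE`, would make the diagnostic accurate; the same applies to the `load_pubkey()` hunk below.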
@@ -831,15 +833,22 @@ EVP_PKEY *load_pubkey(const char *file, int format, int 
maybe_stdin,
 BIO_printf(bio_err, "no keyfile specified\n");
 goto end;
 }
-#ifndef OPENSSL_NO_ENGINE
 if (format == FORMAT_ENGINE) {
-if (!e)
+if (e == NULL)
 BIO_printf(bio_err, "no engine specified\n");
-else
+else {
+#ifndef OPENSSL_NO_ENGINE
 pkey = ENGINE_load_public_key(e, file, ui_method, _data);
+if (pkey == NULL) {
+BIO_printf(bio_err, "cannot load %s from engine\n", 
key_descrip);
+ERR_print_errors(bio_err);
+}
+#else
+BIO_printf(bio_err, "engines not supported\n");
+#endif
+}
 goto end;
 }
-#endif
 if (file == NULL && maybe_stdin) {
 unbuffer(stdin);
 key = dup_bio_in(format);
@@ -850,8 +859,8 @@ EVP_PKEY *load_pubkey(const char *file, int format, int 
maybe_stdin,
 if (format == FORMAT_ASN1) {
 pkey = d2i_PUBKEY_bio(key, NULL);
 }
-#ifndef OPENSSL_NO_RSA
 else if (format == FORMAT_ASN1RSA) {
+#ifndef OPENSSL_NO_RSA
 RSA *rsa;
 rsa = d2i_RSAPublicKey_bio(key, NULL);
 if (rsa) {
@@ -860,8 +869,12 @@ EVP_PKEY *load_pubkey(const char *file, int format, int 
maybe_stdin,
 EVP_PKEY_set1_RSA(pkey, rsa);
 RSA_free(rsa);
 } else
+#else
+BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
 pkey = NULL;
 } else if (format == FORMAT_PEMRSA) {
+#ifndef OPENSSL_NO_RSA
 RSA *rsa;
 rsa = PEM_read_bio_RSAPublicKey(key, NULL,
 (pem_password_cb *)password_callback,
@@ -872,9 +885,11 @@ EVP_PKEY *load_pubkey(const char *file, int format, int 
maybe_stdin,
 EVP_PKEY_set1_RSA(pkey, rsa);
 RSA_free(rsa);
 } else
+#else
+BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
 pkey = NULL;
 }
-#endif
 else if (format == FORMAT_PEM) {
 pkey = PEM_read_bio_PUBKEY(key, NULL,
(pem_password_cb *)password_callback,
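Review bot: the control flow in the `FORMAT_ASN1RSA` and `FORMAT_PEMRSA` branches becomes hard to follow once the `#ifndef OPENSSL_NO_RSA` guard moves inside them: the `} else` that precedes `#else` belongs to the `if (rsa)` test in the RSA build, while in the `OPENSSL_NO_RSA` build the `pkey = NULL;` after `#endif` is an unconditional statement following the `BIO_printf`. It compiles either way, but a reader has to preprocess both variants in their head; giving each arm a complete statement (`#ifndef OPENSSL_NO_RSA ... #else BIO_printf(...); pkey = NULL; #endif`) would remove the shared dangling `else`.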
@@ -1907,7 +1922,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
 else
 len = 1024;
 len = BIO_read(in, tbuf, len);
-if (len <= 0)
+if (len < 0) {
+BIO_free(mem);
+return -1;
+}
+if (len == 0)
 break;
 if (BIO_write(mem, tbuf, len) != len) {
 BIO_free(mem);
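Review bot: `BIO_read()` returning a negative value is now a hard failure (`BIO_free(mem); return -1;`), whereas the old `len <= 0` test merely stopped reading. For the file and stdin BIOs these apps use that is the correct distinction between EOF and error, but on a non-blocking BIO a negative return can also mean "retry" (`BIO_should_retry()`), so a comment stating that `bio_to_mem()` is only meant for blocking sources would prevent later misuse. Callers must now also distinguish `-1` from a legitimately empty (zero-length) input, which is the point of the fix.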
@@ -1924,7 +1943,7 @@ int bio_to_mem(unsigned char **out, i

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2016-02-02 Thread Viktor Dukhovni
The branch OpenSSL_1_0_2-stable has been updated
   via  5df0bde60ebf2718d5aef18c4a9fdfd230928981 (commit)
  from  a2bab12a331b6764804913d08e2e472c9e5d13ae (commit)


- Log -
commit 5df0bde60ebf2718d5aef18c4a9fdfd230928981
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Mon Feb 1 23:37:42 2016 -0500

Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling

Also fix option processing in pkeyutl to allow use of (formerly)
"out-of-order" switches that were needless implementation limitations.

RT2018

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/apps.c|  8 --
 apps/apps.h|  2 +-
 apps/pkeyutl.c | 90 ++
 apps/rsautl.c  |  6 ++--
 4 files changed, 63 insertions(+), 43 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 2e77805..b1dd970 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2442,7 +2442,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
 else
 len = 1024;
 len = BIO_read(in, tbuf, len);
-if (len <= 0)
+if (len < 0) {
+BIO_free(mem);
+return -1;
+}
+if (len == 0)
 break;
 if (BIO_write(mem, tbuf, len) != len) {
 BIO_free(mem);
@@ -2459,7 +2463,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
 return ret;
 }
 
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
 {
 int rv;
 char *stmp, *vtmp = NULL;
diff --git a/apps/apps.h b/apps/apps.h
index 8276e70..19bf5cc 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -321,7 +321,7 @@ int args_verify(char ***pargs, int *pargc,
 int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
 void policies_print(BIO *out, X509_STORE_CTX *ctx);
 int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
  const char *algname, ENGINE *e, int do_param);
 int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index c8d513b..e47206c 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -73,7 +73,7 @@ static void usage(void);
 #define PROG pkeyutl_main
 
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
-  char *keyfile, int keyform, int key_type,
+  const char *keyfile, int keyform, int key_type,
   char *passargin, int pkey_op, ENGINE *e,
   int   impl);
 
@@ -99,10 +99,12 @@ int MAIN(int argc, char **argv)
 char *passargin = NULL;
 int keysize = -1;
 int engine_impl = 0;
-
 unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
-size_t buf_outlen;
+size_t buf_outlen = 0;
 int buf_inlen = 0, siglen = -1;
+const char *inkey = NULL;
+const char *peerkey = NULL;
+STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
 
 int ret = 1, rv = -1;
 
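Review bot: `pkeyopts` is a new `STACK_OF(OPENSSL_STRING)` that will presumably collect option strings until the context exists; make sure the cleanup path at the end of `MAIN()` frees it with `sk_OPENSSL_STRING_free()` on every exit, including the early `badarg` exits, since that part of the diff is not shown here. Initialising `buf_outlen = 0` at declaration is also welcome, as it removes any dependence on every path setting it before use.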
@@ -136,21 +138,13 @@ int MAIN(int argc, char **argv)
 } else if (!strcmp(*argv, "-inkey")) {
 if (--argc < 1)
 badarg = 1;
-else {
-ctx = init_ctx(,
-   *(++argv), keyform, key_type,
-   passargin, pkey_op, e, engine_impl);
-if (!ctx) {
-BIO_puts(bio_err, "Error initializing context\n");
-ERR_print_errors(bio_err);
-badarg = 1;
-}
-}
+else
+inkey = *++argv;
 } else if (!strcmp(*argv, "-peerkey")) {
 if (--argc < 1)
 badarg = 1;
-else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
-badarg = 1;
+else
+peerkey = *++argv;
 } else if (!strcmp(*argv, "-passin")) {
 if (--argc < 1)
 badarg = 1;
@@ -191,23 +185,21 @@ int MAIN(int argc, char **argv)
 pkey_op = EVP_PKEY_OP_VERIFY;
 else if (!strcmp(*argv, "-verifyrecover"))
 pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
-else if (!strcmp(*argv, "-rev"))
-rev = 1;
 else if (!strcmp(*argv, "-encrypt"))
 pkey_op = EVP_PKEY_OP_ENCRYPT;
 else if (!strcmp(*argv, "-decrypt"))
 pkey_op = EVP_PKEY_OP_DECRYPT;
 else if (!strcmp(*argv, "-derive"))
 pkey_op = EVP_PKEY_OP_DERIVE;
+else if (!strcmp(*argv, "-r

[openssl-commits] [openssl] master update

2016-01-29 Thread Viktor Dukhovni
The branch master has been updated
   via  aea6116146ef462d11950ebf701e0f56a38b3d75 (commit)
  from  d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 (commit)


- Log -
commit aea6116146ef462d11950ebf701e0f56a38b3d75
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Jan 27 22:43:23 2016 -0500

Make it possible to check for explicit auxiliary trust

By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object.  (See the -addtrust
and -trustout options of x509(1)).

This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.

With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_trs.c | 2 +-
 include/openssl/x509.h | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 72c8110..7392c55 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -285,7 +285,7 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int 
flags)
 {
 /* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(x, -1, 0);
-if (x->ex_flags & EXFLAG_SS)
+if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS)
 return X509_TRUST_TRUSTED;
 else
 return X509_TRUST_UNTRUSTED;
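Review bot: the new condition mixes `==` and the bitwise `&` without parentheses around its second operand: `(flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS`. Precedence makes this correct (`&` binds tighter than `&&`), but the asymmetry with the parenthesised left operand invites misreading and some compilers warn about it; `(x->ex_flags & EXFLAG_SS) != 0` keeps both halves in the same shape.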
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 477bff8..7581bb4 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -199,8 +199,9 @@ DEFINE_STACK_OF(X509_TRUST)
 # define X509_TRUST_MAX  8
 
 /* trust_flags values */
-# define X509_TRUST_DYNAMIC  1
-# define X509_TRUST_DYNAMIC_NAME 2
+# define X509_TRUST_DYNAMIC  (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
 
 /* check_trust return codes */
 
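Review bot: `X509_TRUST_NO_SS_COMPAT` is a new public flag in `include/openssl/x509.h`, but the summary of changes lists no documentation update, so callers cannot learn from the manpages that `X509_check_trust()` can be told to ignore the self-signed compatibility rule. A short paragraph describing the default behaviour and what this flag turns off would complete the change. Rewriting the existing values as `(1U << n)` is fine and leaves their numeric values unchanged.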


[openssl-commits] [openssl] master update

2016-01-29 Thread Viktor Dukhovni
The branch master has been updated
   via  bc8c34d74ad26dca410f919b928db534b846d65f (commit)
  from  ced2c2c598e195175950a67756d426052d38c228 (commit)


- Log -
commit bc8c34d74ad26dca410f919b928db534b846d65f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Jan 29 16:38:21 2016 -0500

Fix invalid policy detection

As a side-effect of opaque x509, ex_flags were looked up too early,
before additional policy cache updates.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/x509v3/pcy_tree.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 850d488..cac2d51 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -185,14 +185,18 @@ static int tree_init(X509_POLICY_TREE **ptree, 
STACK_OF(X509) *certs,
 for (i = n - 2; i >= 0; i--) {
 uint32_t ex_flags;
 x = sk_X509_value(certs, i);
-ex_flags = X509_get_extension_flags(x);
+
+/*
+ * Note, this modifies x->ex_flags.  If cache NULL something bad
+ * happened: return immediately
+ */
 cache = policy_cache_set(x);
-/* If cache NULL something bad happened: return immediately */
 if (cache == NULL)
 return 0;
 /*
  * If inconsistent extensions keep a note of it but continue
  */
+ex_flags = X509_get_extension_flags(x);
 if (ex_flags & EXFLAG_INVALID_POLICY)
 ret = -1;
 /*
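Review bot: the relocated comment says policy_cache_set() modifies x->ex_flags but not which flag; since the whole reason for moving the X509_get_extension_flags() call below it is that EXFLAG_INVALID_POLICY is set there, name that flag in the comment so nobody hoists the lookup back up. Minor: "If cache NULL" reads better as "If cache is NULL".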



[openssl-commits] [openssl] master update

2016-01-29 Thread Viktor Dukhovni
The branch master has been updated
   via  ea5e0c1caf4ea6731d09edf36a5ae57d6e60cd10 (commit)
  from  826e9e54460b30c8911f8ab28811f1961c9d63cd (commit)


- Log -
commit ea5e0c1caf4ea6731d09edf36a5ae57d6e60cd10
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Jan 29 17:23:03 2016 -0500

Make opt_imax visible in all apps

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/apps.h | 9 +
 apps/opt.c  | 6 --
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/apps/apps.h b/apps/apps.h
index 99bcd50..b6e894d 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -138,6 +138,15 @@
 #  define openssl_fdset(a,b) FD_SET(a, b)
 # endif
 
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+ defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+int opt_imax(const char *value, intmax_t *result);
+int opt_umax(const char *value, uintmax_t *result);
+# else
+#  define opt_imax opt_long
+#  define opt_umax opt_ulong
+# endif
+
 int app_RAND_load_file(const char *file, int dont_warn);
 int app_RAND_write_file(const char *file);
 /*
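Review bot: the guard `defined(INTMAX_MAX) && defined(UINTMAX_MAX)` only holds if <stdint.h> has been included before this point in apps.h; nothing in the hunk includes it, and if it is missing the build silently falls back to the `opt_long`/`opt_ulong` aliases on every compiler, C99 or not. Either include <stdint.h> (or <inttypes.h>) above this block or confirm that an earlier include in apps.h already provides it.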
diff --git a/apps/opt.c b/apps/opt.c
index 17ac474..14e05de 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -75,12 +75,6 @@ static const OPTIONS *unknown;
 static const OPTIONS *opts;
 static char prog[40];
 
-#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L || \
-!defined(INTMAX_MAX) && !defined(UINTMAX_MAX)
-#define opt_imax opt_long
-#define opt_umax opt_ulong
-#endif
-
 /*
  * Return the simple name of the program; removing various platform gunk.
  */
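Review bot: the removed guard only fell back when both INTMAX_MAX and UINTMAX_MAX were missing (`!defined(INTMAX_MAX) && !defined(UINTMAX_MAX)`), whereas the apps.h replacement falls back when either is missing; the new form is the sensible one, but the definitions of opt_imax()/opt_umax() further down in opt.c must now be compiled under exactly the same condition as the apps.h declarations, otherwise a build where only one of the two macros exists gets a macro alias and a function definition at the same time.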


[openssl-commits] [openssl] master update

2016-01-29 Thread Viktor Dukhovni
The branch master has been updated
   via  56087077d81e2b888f4cbe7f70b2077dc5add90d (commit)
  from  04b08fbc3d0db3f7c540df4f5f00d30fae27ef90 (commit)


- Log -
commit 56087077d81e2b888f4cbe7f70b2077dc5add90d
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Jan 29 15:27:00 2016 -0500

Better type for x509 -checkend argument

This is a time_t and can be zero or negative.  So use 'M' (maximal
signed int) not 'p' (positive int).

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 apps/x509.c | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index 7a688a9..a8d0686 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -152,7 +152,7 @@ OPTIONS x509_options[] = {
 {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
 {"days", OPT_DAYS, 'n',
  "How long till expiry of a signed certificate - def 30 days"},
-{"checkend", OPT_CHECKEND, 'p',
+{"checkend", OPT_CHECKEND, 'M',
  "Check whether the cert expires in the next arg seconds"},
 {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
 {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
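Review bot: the option type moves from 'p' to 'M' so that zero and negative values are accepted (as the commit message says), but the help text on the following line, "Check whether the cert expires in the next arg seconds", still reads as positive-only. Say that a zero or negative offset is allowed, and what it means, so the help matches the parser.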
@@ -225,7 +225,8 @@ int x509_main(int argc, char **argv)
 int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
 int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
 int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
-int checkoffset = 0, enddate = 0;
+int enddate = 0;
+time_t checkoffset = 0;
 unsigned long nmflag = 0, certflag = 0;
 char nmflag_set = 0;
 OPTION_CHOICE o;
@@ -466,8 +467,14 @@ int x509_main(int argc, char **argv)
 enddate = ++num;
 break;
 case OPT_CHECKEND:
-checkoffset = atoi(opt_arg());
 checkend = 1;
+if (!opt_imax(opt_arg(), ))
+goto opthelp;
+if (checkoffset != (time_t)checkoffset) {
+BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+   prog, opt_arg());
+goto opthelp;
+}
 break;
 case OPT_CHECKHOST:
 checkhost = opt_arg();
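Review bot: the range check `if (checkoffset != (time_t)checkoffset)` can never be true: checkoffset is now declared `time_t` in this same patch, so the cast is an identity and the "checkend time out of range" branch is dead code. Parse into an `intmax_t` temporary (which is also what opt_imax() is declared to write to), assign `checkoffset = (time_t)temp;`, and then test `(intmax_t)checkoffset != temp`. The pointer argument to opt_imax() is missing from the archived line, so its type cannot be checked here.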


[openssl-commits] [openssl] master update

2016-01-28 Thread Viktor Dukhovni
The branch master has been updated
   via  7eba4e62077484aebec010157424287f1963c88f (commit)
  from  3538c7da3d53dca70be5f507376299843046d2b7 (commit)


- Log -
commit 7eba4e62077484aebec010157424287f1963c88f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Jan 28 00:10:11 2016 -0500

Restore NUMPRIMES as a numeric literal

This fixes clang compilation problem with size_t NUMPRIMES and int
loop counters.

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 Makefile.in   | 6 +++---
 crypto/bn/bn_prime.c  | 2 --
 crypto/bn/bn_prime.h  | 5 -
 crypto/bn/bn_prime.pl | 3 ++-
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 629141d..80d5f17 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -442,9 +442,9 @@ depend:
 update: generate errors ordinals depend
 
 generate:
-   (cd apps && $(MAKE) generate)
-   (cd crypto/bn && $(MAKE) generate)
-   (cd crypto/objects && $(MAKE) generate)
+   (cd apps && PERL='${PERL}' $(MAKE) generate)
+   (cd crypto/bn && PERL='${PERL}' $(MAKE) generate)
+   (cd crypto/objects && PERL='${PERL}' $(MAKE) generate)
 
 errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
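Review bot: propagating PERL='${PERL}' into the three sub-makes is unrelated to the commit subject ("Restore NUMPRIMES as a numeric literal") and is not mentioned in the message; either split it into its own commit or add a sentence explaining why the sub-make must see the same perl. The quoting itself is fine: make expands ${PERL} before the shell runs the line, and the single quotes keep a value containing spaces intact.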
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 8d1294f..a5887d9 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -121,8 +121,6 @@
  */
 #include "bn_prime.h"
 
-#define NUMPRIMES OSSL_NELEM(primes)
-
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
const BIGNUM *a1_odd, int k, BN_CTX *ctx,
BN_MONT_CTX *mont);
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index d1fbcd1..6f6949c 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -57,7 +57,10 @@
  */
 
 typedef unsigned short prime_t;
-static const prime_t primes[] = {
+# define NUMPRIMES 2048
+
+static const prime_t primes[2048] = {
+
2,3,5,7,   11,   13,   17,   19, 
   23,   29,   31,   37,   41,   43,   47,   53, 
   59,   61,   67,   71,   73,   79,   83,   89, 
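Review bot: `# define NUMPRIMES 2048` and `primes[2048]` repeat the same literal; since this header is generated, have the generator emit `primes[NUMPRIMES]` instead so there is one source of truth, and the compiler will still reject an initializer list whose length disagrees with it. The empty line between `= {` and the first row is also new in this output.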
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
index add6ffb..3a5f064 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -76,8 +76,9 @@ loop: while ($#primes < $num-1) {
 }
 
 print "typedef unsigned short prime_t;\n";
+printf "# define NUMPRIMES %d\n\n", $num;
 
-print "static const prime_t primes[] = {";
+printf "static const prime_t primes[%d] = {\n", $num;
 for (my $i = 0; $i <= $#primes; $i++) {
 printf "\n" if ($i % 8) == 0;
 printf "%4d, ", $primes[$i];
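Review bot: the new `printf "static const prime_t primes[%d] = {\n"` ends with a newline, and the loop that follows still prints `\n` whenever `$i % 8 == 0`, so the first iteration emits a second newline; that is the blank line visible after `= {` in the generated bn_prime.h hunk. Drop the trailing `\n` here, or print the row break only for `$i > 0`. Emitting `primes[NUMPRIMES]` rather than `primes[%d]` would also avoid writing the count twice.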


[openssl-commits] [openssl] master update

2016-01-28 Thread Viktor Dukhovni
The branch master has been updated
   via  35ade23b02a02b5514941586030016b67ac0934e (commit)
  from  987157f6f63fa70dbeffca3c8bc62f26e9767ff2 (commit)


- Log -
commit 35ade23b02a02b5514941586030016b67ac0934e
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Jan 28 19:04:49 2016 -0500

Keep RC5 bit shifts in [0..31]

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 crypto/rc5/rc5_locl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h
index 990..6b34f92 100644
--- a/crypto/rc5/rc5_locl.h
+++ b/crypto/rc5/rc5_locl.h
@@ -170,10 +170,10 @@
 # endif
 #endif
 #ifndef ROTATE_l32
-# define ROTATE_l32(a,n) 
(((a)<<(n&0x1f))|(((a)&0x)>>(32-(n&0x1f
+# define ROTATE_l32(a,n) 
(((a)<<(n&0x1f))|(((a)&0x)>>((32-n)&0x1f)))
 #endif
 #ifndef ROTATE_r32
-# define ROTATE_r32(a,n) 
(((a)<<(32-(n&0x1f)))|(((a)&0x)>>(n&0x1f)))
+# define ROTATE_r32(a,n) 
(((a)<<((32-n)&0x1f))|(((a)&0x)>>(n&0x1f)))
 #endif
 
 #define RC5_32_MASK 0xL
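Review bot: the change from `32-(n&0x1f)` to `(32-n)&0x1f` fixes the case n ≡ 0 (mod 32): previously the complementary shift count became 32, which is undefined for a 32-bit operand, whereas now both counts are 0 and the macro yields `a` unchanged, the correct rotation by zero. That reasoning deserves a one-line comment above the two macros, because the masking is easy to "simplify" back into the broken form. The mask literals appear truncated as `0x)` in this archived copy, so their width cannot be checked here.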


[openssl-commits] [openssl] master update

2016-01-27 Thread Viktor Dukhovni
The branch master has been updated
   via  109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b (commit)
  from  b4f35e5e07afa2df7125b814b45242648b33e39e (commit)


- Log -
commit 109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Wed Jan 27 21:54:09 2016 -0500

Comment side-effect only calls of X509_check_purpose

Reviewed-by: Rich Salz <rs...@openssl.org>

---

Summary of changes:
 crypto/cms/cms_sd.c  | 1 +
 crypto/ts/ts_rsp_sign.c  | 1 +
 crypto/x509/x509_trs.c   | 1 +
 crypto/x509v3/pcy_tree.c | 1 -
 crypto/x509v3/v3_purp.c  | 5 +
 5 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 444af0b..288db48 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -280,6 +280,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 si = M_ASN1_new_of(CMS_SignerInfo);
 if (!si)
 goto merr;
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(signer, -1, -1);
 
 CRYPTO_add(>references, 1, CRYPTO_LOCK_EVP_PKEY);
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index e85c4b4..0ad6f10 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -793,6 +793,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int 
issuer_needed)
 GENERAL_NAME *name = NULL;
 unsigned char cert_sha1[SHA_DIGEST_LENGTH];
 
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(cert, -1, 0);
 if ((cid = ESS_CERT_ID_new()) == NULL)
 goto err;
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 58e7d54..72c8110 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -283,6 +283,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
 
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(x, -1, 0);
 if (x->ex_flags & EXFLAG_SS)
 return X509_TRUST_TRUSTED;
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 6cf6f4e..850d488 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -186,7 +186,6 @@ static int tree_init(X509_POLICY_TREE **ptree, 
STACK_OF(X509) *certs,
 uint32_t ex_flags;
 x = sk_X509_value(certs, i);
 ex_flags = X509_get_extension_flags(x);
-X509_check_purpose(x, -1, -1);
 cache = policy_cache_set(x);
 /* If cache NULL something bad happened: return immediately */
 if (cache == NULL)
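Review bot: with the explicit X509_check_purpose() call gone, `ex_flags` is still captured via X509_get_extension_flags(x) before `policy_cache_set(x)` runs; if policy_cache_set() sets flags on x, the local copy used below to test EXFLAG_INVALID_POLICY is stale. Move the lookup after the cache call (or re-read x's flags before the test).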
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 2d5a29f..e5231b3 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -132,6 +132,7 @@ int X509_check_purpose(X509 *x, int id, int ca)
 x509v3_cache_extensions(x);
 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
 }
+/* Return if side-effect only call */
 if (id == -1)
 return 1;
 idx = X509_PURPOSE_get_by_id(id);
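Review bot: the new "Return if side-effect only call" comment is accurate, but it is worth adding that the side-effect path returns 1 unconditionally: x509v3_cache_extensions(x) above is called without any status check, so a caller using X509_check_purpose(x, -1, ...) purely for caching cannot learn that the extensions were malformed except by inspecting x->ex_flags afterwards. Saying so in the comment tells callers what they still need to check.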
@@ -850,12 +851,14 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
 
 uint32_t X509_get_extension_flags(X509 *x)
 {
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(x, -1, -1);
 return x->ex_flags;
 }
 
 uint32_t X509_get_key_usage(X509 *x)
 {
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(x, -1, -1);
 if (x->ex_flags & EXFLAG_KUSAGE)
 return x->ex_kusage;
@@ -864,6 +867,7 @@ uint32_t X509_get_key_usage(X509 *x)
 
 uint32_t X509_get_extended_key_usage(X509 *x)
 {
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(x, -1, -1);
 if (x->ex_flags & EXFLAG_XKUSAGE)
 return x->ex_xkusage;
@@ -872,6 +876,7 @@ uint32_t X509_get_extended_key_usage(X509 *x)
 
 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
 {
+/* Call for side-effect of computing hash and caching extensions */
 X509_check_purpose(x, -1, -1);
 return x->skid;
 }


[openssl-commits] [openssl] master update

2016-01-26 Thread Viktor Dukhovni
The branch master has been updated
   via  f006217bb628d05a2d5b866ff252bd94e3477e1f (commit)
  from  349807608f31b20af01a342d0072bb92e0b036e2 (commit)


- Log -
commit f006217bb628d05a2d5b866ff252bd94e3477e1f
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Jan 26 16:52:26 2016 -0500

Fix Custom Extension tests skip count

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 test/recipes/80-test_ssl.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/recipes/80-test_ssl.t b/test/recipes/80-test_ssl.t
index d0bb79a..bcac431 100644
--- a/test/recipes/80-test_ssl.t
+++ b/test/recipes/80-test_ssl.t
@@ -560,7 +560,7 @@ sub testssl {
plan tests => 1;
 
   SKIP: {
- skip "TLSv1.0 is not supported by this OpenSSL build", 7
+ skip "TLSv1.0 is not supported by this OpenSSL build", 1
  if $no_tls1;
 
  ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])),


[openssl-commits] [openssl] master update

2016-01-20 Thread Viktor Dukhovni
The branch master has been updated
   via  6e32825631bea414c3fc70d16bbb413dac221722 (commit)
  from  bd5192b1013b68373c47bdca8d68229906171695 (commit)


- Log -
commit 6e32825631bea414c3fc70d16bbb413dac221722
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sun Jan 17 16:50:52 2016 -0500

Check Suite-B constraints with EE DANE records

When DANE-EE(3) matches or either of DANE-EE/PKIX-EE fails, we don't
build a chain at all, but rather succeed or fail with just the leaf
certificate.  In either case also check for Suite-B violations.

As unlikely as it may seem that anyone would enable both DANE and
Suite-B, we should do what the application asks.

Took the opportunity to eliminate the "cb" variables in x509_vfy.c,
just call ctx->verify_cb(ok, ctx)

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 crypto/x509/x509_cmp.c | 19 +
 crypto/x509/x509_vfy.c | 55 --
 2 files changed, 46 insertions(+), 28 deletions(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 2521e77..2641d2e 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -398,11 +398,12 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, 
STACK_OF(X509) *chain,
 unsigned long flags)
 {
 int rv, i, sign_nid;
-EVP_PKEY *pk = NULL;
-unsigned long tflags;
+EVP_PKEY *pk;
+unsigned long tflags = flags;
+
 if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
 return X509_V_OK;
-tflags = flags;
+
 /* If no EE certificate passed in must be first in chain */
 if (x == NULL) {
 x = sk_X509_value(chain, 0);
@@ -410,6 +411,17 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, 
STACK_OF(X509) *chain,
 } else
 i = 0;
 
+pk = X509_get0_pubkey(x);
+
+/*
+ * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build
+ * a chain all, just report trust success or failure, but must also report
+ * Suite-B errors if applicable.  This is indicated via a NULL chain
+ * pointer.  All we need to do is check the leaf key algorithm.
+ */
+if (chain == NULL)
+return check_suite_b(pk, -1, );
+
 if (X509_get_version(x) != 2) {
 rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
 /* Correct error depth */
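Review bot: the early `return check_suite_b(...)` for `chain == NULL` has two gaps. First, `x` can itself be NULL at that point: the branch above falls back to `sk_X509_value(chain, 0)`, which returns NULL when chain is NULL, so `pk = X509_get0_pubkey(x)` is reached with a NULL certificate; reject the (x == NULL && chain == NULL) combination before the pubkey lookup. Second, the early return bypasses the "Correct error depth" handling, so `*perror_depth` is left untouched when the leaf fails the Suite-B check; set it (presumably to 0 for the leaf) before returning, or document that callers must pre-initialise it.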
@@ -417,7 +429,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, 
STACK_OF(X509) *chain,
 goto end;
 }
 
-pk = X509_get0_pubkey(x);
 /* Check EE key only */
 rv = check_suite_b(pk, -1, );
 if (rv != X509_V_OK) {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ec9c321..c9dd6fa 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -193,7 +193,6 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
 
 static int verify_chain(X509_STORE_CTX *ctx)
 {
-int (*cb) (int xok, X509_STORE_CTX *xctx) = ctx->verify_cb;
 int err;
 int ok;
 
@@ -214,7 +213,7 @@ static int verify_chain(X509_STORE_CTX *ctx)
 if (err != X509_V_OK) {
 ctx->error = err;
 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
-if ((ok = cb(0, ctx)) == 0)
+if ((ok = ctx->verify_cb(0, ctx)) == 0)
 return ok;
 }
 
@@ -373,11 +372,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 {
 int i, ok = 0, must_be_ca, plen = 0;
 X509 *x;
-int (*cb) (int xok, X509_STORE_CTX *xctx);
 int proxy_path_length = 0;
 int purpose;
 int allow_proxy_certs;
-cb = ctx->verify_cb;
 
 /*-
  *  must_be_ca can have 1 of 3 values:
@@ -415,7 +412,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
 ctx->error_depth = i;
 ctx->current_cert = x;
-ok = cb(0, ctx);
+ok = ctx->verify_cb(0, ctx);
 if (!ok)
 goto end;
 }
@@ -423,7 +420,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
 ctx->error_depth = i;
 ctx->current_cert = x;
-ok = cb(0, ctx);
+ok = ctx->verify_cb(0, ctx);
 if (!ok)
 goto end;
 }
@@ -457,7 +454,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 if (ret == 0) {
 ctx->error_depth = i;
 ctx->current_cert = x;
-ok = cb(0, ctx);
+ok = ctx->verify_cb(0, ctx);
 if (!ok)
 goto end;
 }
@@ -469,7 +466,7 @@ static int check_chain_extensions(X509_STORE_CTX *

[openssl-commits] [openssl] master update

2016-01-20 Thread Viktor Dukhovni
The branch master has been updated
   via  feb2f53edc7e9b96cfe9c0ab611461edabdd2b34 (commit)
   via  0996dc5440cc233f029129182bbb6e3d4613045a (commit)
   via  6e8beabcd4b9450a3a7358bf5668b2bc70580517 (commit)
   via  3342dcea7a633e579e1971dfd16ff3fc14dc3936 (commit)
   via  3d6e91c68051ab94400cf4281f95ffef29a7a4a3 (commit)
   via  8478351737d7edac0f82dd4fc7f2caff994ce93d (commit)
  from  6e32825631bea414c3fc70d16bbb413dac221722 (commit)


- Log -
commit feb2f53edc7e9b96cfe9c0ab611461edabdd2b34
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Jan 16 01:15:02 2016 -0500

Multiple -trusted/-untrusted/-CRLfile options in verify

It is sometimes useful (especially in automated tests) to supply
multiple trusted or untrusted certificates via separate files rather
than have to prepare a single file containing them all.

To that end, change verify(1) to accept these options zero or more
times.  Also automatically set -no-CAfile and -no-CApath when
-trusted is specified.

Improve verify(1) documentation, which could still use some work.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 0996dc5440cc233f029129182bbb6e3d4613045a
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Sat Jan 16 00:08:38 2016 -0500

Refactor apps load_certs/load_crls to work incrementally

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 6e8beabcd4b9450a3a7358bf5668b2bc70580517
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Thu Jan 14 18:10:27 2016 -0500

More X509_verify_cert() tests via verify(1).

Still need tests for trusted-first and tests that probe construction
of alternate chains.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 3342dcea7a633e579e1971dfd16ff3fc14dc3936
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Jan 15 03:49:11 2016 -0500

Reject when explicit trust EKU are set and none match.

Returning untrusted is enough for full chains that end in
self-signed roots, because when explicit trust is specified it
suppresses the default blanket trust of self-signed objects.

But for partial chains, this is not enough, because absent a similar
trust-self-signed policy, non matching EKUs are indistinguishable
from lack of EKU constraints.

Therefore, failure to match any trusted purpose must trigger an
explicit reject.

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 3d6e91c68051ab94400cf4281f95ffef29a7a4a3
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Jan 15 16:12:42 2016 -0500

Commit pre-generated test_verify certs

These can be re-generated via:

cd test/certs; ./setup.sh

if need be.  The keys are all RSA 2048-bit keys, but it is possible
to change that via environment variables.

cd test/certs
rm -f *-key.pem *-key2.pem
OPENSSL_KEYALG=rsa OPENSSL_KEYBITS=3072 ./setup.sh

cd test/certs
rm -f *-key.pem *-key2.pem
OPENSSL_KEYALG=ecdsa OPENSSL_KEYBITS=secp384r1 ./setup.sh

...

Keys are re-used if already present, so the environment variables
are only used when generating any keys that are missing.  Hence
the "rm -f"

Reviewed-by: Richard Levitte <levi...@openssl.org>

commit 8478351737d7edac0f82dd4fc7f2caff994ce93d
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Fri Jan 15 03:48:27 2016 -0500

Scripts to generate verify test certs

Reviewed-by: Richard Levitte <levi...@openssl.org>

---

Summary of changes:
 apps/apps.c|  30 
 apps/apps.h|  10 +--
 apps/cms.c |   4 +-
 apps/ocsp.c|  15 ++--
 apps/pkcs12.c  |  13 +---
 apps/s_cb.c|   5 +-
 apps/s_client.c|   5 +-
 apps/s_server.c|  10 +--
 apps/smime.c   |   4 +-
 apps/verify.c  |  41 --
 crypto/x509/x509_trs.c |  15 
 doc/apps/verify.pod| 110 ++-
 test/certs/ca+clientAuth.pem   |  18 +
 test/certs/ca+serverAuth.pem   |  18 +
 test/certs/ca-cert.pem |  18 +
 test/certs/ca-cert2.pem|  18 +
 test/certs/ca-expired.pem  |  18 +
 test/certs/ca-key.pem  |  28 +++
 test/certs/ca-key2.pem |  28 +++
 test/certs/ca-name2.pem|  18 +
 test/certs/ca-nonca.pem|  19 +
 test/certs/ca-root2.pem|  18 +
 test/certs/ca-serverAuth.pem   |  18 +
 test/certs/ee+clientAuth.pem   |  20 +
 test/certs/ee+se

[openssl-commits] [openssl] master update

2016-01-19 Thread Viktor Dukhovni
The branch master has been updated
   via  928623825cc59e272e2031cd3f07c5b7bbd605d4 (commit)
  from  293b5ca47767005e0341b450eef82633f48359f3 (commit)


- Log -
commit 928623825cc59e272e2031cd3f07c5b7bbd605d4
Author: Viktor Dukhovni <openssl-us...@dukhovni.org>
Date:   Tue Jan 19 12:42:31 2016 -0500

API compat for SSLeay_add_ssl_algorithms

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

---

Summary of changes:
 include/openssl/ssl.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 53ee655..3152348 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1031,6 +1031,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, 
size_t count);
 # define SSL_VERIFY_CLIENT_ONCE  0x04
 
 # define OpenSSL_add_ssl_algorithms()SSL_library_init()
+# if OPENSSL_API_COMPAT < 0x1010L
+#  define SSLeay_add_ssl_algorithms()SSL_library_init()
+# endif
 
 /* More backward compatibility */
 # define SSL_get_cipher(s) \
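Review bot: restoring SSLeay_add_ssl_algorithms() only under OPENSSL_API_COMPAT is the right shape for a deprecated alias, but neither the hunk nor the message touches documentation; add the macro to the list of compatibility names in the docs/CHANGES so users know it disappears once OPENSSL_API_COMPAT is raised past the version in the guard.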

